The mystriprelative function is meant to prevent the user from inserting a relative path into a variable. As the code above shows, this function can be bypassed with something like the following simple algorithm:
[+] When we use '.../...//' the function will convert it to '../'
[+] When we use './.....//' the function will convert it to '../'
[+] When we use '.../...//./.....//' the function will convert it to '../../'
So we must use '.../...//./.....//./.....//etc/passwd%00', which the function will convert to '../../../etc/passwd%00'.
AskMe Pro suffers from an insecure MySQL query, which allows a remote attacker to view all users and their plaintext passwords. The injection is multi-row, so it should show all users on one page.
PHPEasyNews suffers from an insecure MySQL query, which allows a remote attacker to pull arbitrary information from the database, thus allowing login as admin and possibly gaining a shell. The injection returns multiple rows, so it will show all users; the first is normally the admin.
EZCMS (all versions prior to date) suffers from 2 remote vulnerabilities. One is a blind SQL injection in 'index.php', where the 'page' variable is injectable. The second is an insecure file manager; the file manager is hidden away in admin, and the devs probably thought no one would find it. The blind SQL injection can be tested by using http://site.com/index.php?page=1 and 1=1 and http://site.com/index.php?page=1 and 1=2. The arbitrary remote file manager access can be reached by using http://site.com/ezcms/admin/filemanager/.
xeCMS suffers from an insecure cookie: the admin panel only checks that the cookie exists, not its content. So an attacker can craft a cookie and look like an admin. After running the JavaScript, visit "/admin.php" to view the admin area. An attacker can also upload a shell through the admin area's upload feature.
Dana IRC client suffers from a remote buffer overflow: sending a buffer of around 2k overwrites the EIP and therefore crashes the client. The reason there isn't any shellcode here is that the client converts the junk/buffer data to Unicode, which corrupts the shellcode. There are also other registers you can overwrite by using different junk data to overflow them.
This exploit is a DIY blind SQL injection exploit which uses the 'did' parameter of index_topic.php to inject malicious SQL code into the vulnerable application. It is written in Perl and can be used to gain access to the database of the vulnerable application.
Cartweaver 3 is vulnerable to Blind SQL Injection Substring vulnerability. This vulnerability allows an attacker to extract sensitive information from the database. The attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. The attacker can use this vulnerability to extract usernames and passwords from the database.
A Denial-of-Service vulnerability exists in the vsftpd 2.0.5 FTP server on Red Hat Enterprise Linux (RHEL) 5, Fedora 6 to 8, Foresight Linux, and rPath Linux. The vulnerability can be exploited by sending a large number of CWD commands to the vsftpd daemon when the deny_file configuration option is set in /etc/vsftpd/vsftpd.conf or in the path where the FTP server is installed.
A vulnerability exists in WallCity-Server: Shoutcast Admin Panel 2.0, which allows a remote attacker to include a file from the local system. This can be exploited to disclose sensitive information by including files from the local system, such as the /etc/passwd file. The vulnerability is due to insufficient sanitization of user-supplied input to the 'page' parameter in 'index.php'. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences and a NULL byte (%00) to the vulnerable script. This can be used to include arbitrary files from the local system.