
Explore Vulnerabilities

Explore all Exploits:

IMGallery 2.5 Multiple Remote SQL Injection Vulnerabilities

IMGallery 2.5 is vulnerable to multiple remote SQL injection vulnerabilities. Attackers can exploit these vulnerabilities by sending maliciously crafted requests to the vulnerable application. The vulnerable parameters are 'start', 'kategoria', 'id_phot' in galeria.php, koment.php and opis.php respectively.

Multi-Page Comment System 1.1.0 Insecure Cookie Handling

Multi-Page Comment System suffers from insecure cookie handling. When an admin login is successful, the script creates a cookie to show the rest of the admin area that the user is already logged in. The bad thing is that the cookie doesn't contain any password or anything alike, therefore we can craft an admin cookie and make it look like we are logged in as a legitimate admin. The JavaScript code below will create a cookie; after pasting the code into your browser and running it on the affected domain, you can simply visit "/admin.php" and you're admin.

RantX 1.0 Insecure Admin Authentication Vulnerability

RantX suffers from an insecure piece of admin authentication code, where the script checks whether the cookie 'logininfo' exists. An attacker can craft a cookie with JavaScript to bypass this part, or form a legitimate login request. The password file is opened, its lines are split into an array, and the array is looped through; if a line matches the cookie, then authentication to admin is GIVEN (TRUE). An attacker can give the cookie a value of '<?php' or '?>'; when the cookie is then checked against the password file, one line will return TRUE, which gives the attacker admin access. The exploit is JavaScript code that sets the cookie to '?>'. After running the code in the browser, the attacker can visit 'Admin.php' to exploit the vulnerability.

Pet Grooming Management System <= 2.0 Arbitrary Add-Admin Exploit

This exploit allows an attacker to add an admin user to the Pet Grooming Management System (PGMS) version 2.0. The attacker must provide a URL, username, and password to the script, which will then send a POST request to the useradded.php page with the provided credentials. If the request is successful, the attacker will be able to log in to the PGMS with the provided credentials.

Remote SQL Injection Vulnerability 68classifieds [ category.php ]

A remote SQL injection vulnerability exists in 68classifieds category.php script. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The vulnerable parameter is 'cat' which is not properly sanitized before being used in an SQL query.

Symantec Altiris Client Service Local Exploit (0day)

This exploit is based on www.milw0rm.com/exploits/350 Utility Manager Privilege Elevation Exploit (MS04-019) by Cesar Cerrudo. It uses WM_COMMANDHELP, WM_COMMAND, WM_SETTEXT and IDOK to escalate privileges.

News Manager 2.0 Multiple Vulnerabilities

News Manager 2.0 is vulnerable to multiple vulnerabilities including Remote File Include, Remote File Disclosure, Remote SQL Injection, and Remote Permission Bypass. The Remote File Include vulnerability is present in the ch_readalso.php file, which allows an attacker to include a remote file. The Remote File Disclosure vulnerability is present in the attachments.php file, which allows an attacker to view the contents of a file on the server. The Remote SQL Injection vulnerabilities are present in the list_tagitems.php, advsearch.php, archive.php, and index.php files, which allow an attacker to inject malicious SQL queries. The Remote Permission Bypass vulnerability is present in the db/connect_str.php file, which allows an attacker to bypass authentication and gain access to the database. Additionally, an attacker can view the PHPINFO page by accessing the login/info.php file.

Kostenloses Linkmanagementscript SQL Injection Vulnerabilities

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to 'top_view.php' and 'view.php' scripts. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow execution of arbitrary SQL commands, disclosure of sensitive information, etc.

Debian OpenSSL Issue

The Debian OpenSSL issue leads to only 65,536 possible SSH keys generated, as the only entropy is the PID of the process generating the key. This leads to a Perl script being used with the precalculated SSH keys to brute force the SSH login. It works if such a key is installed on a non-patched Debian or any other system manually configured to.

Remote File Inclusion Vulnerability Kostenloses Linkmanagementscript

A remote file inclusion vulnerability exists in Kostenloses Linkmanagementscript, which allows an attacker to include a remote file on the web server. This is due to a lack of proper validation of user-supplied input to the 'main_page_directory' and 'page_to_include' parameters in the 'index.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script, which will include the malicious file on the web server.

Recent Exploits: