The vulnerability exists in the modules/dictionary/print.php script, when the 'id' parameter is supplied with a malicious SQL query, it is possible to extract information from the database.
Multiple Remote File Include Vulnerabilities exist in the PHPauction GPL 2.51 software. The vulnerabilities are present in the converter.inc.php, messages.inc.php and settings.inc.php files. An attacker can exploit these vulnerabilities by sending a specially crafted HTTP request containing a malicious URL in the include_path parameter. This can allow the attacker to execute arbitrary code on the vulnerable system.
Exero CMS 1.0.1 is vulnerable to multiple local file inclusion vulnerabilities. An attacker can exploit these vulnerabilities to include arbitrary local files on the server, which can lead to remote code execution. The vulnerable scripts are: /Exero_CMS_1-0-1/themes/Default/usercp/index.php, /Exero_CMS_1-0-1/themes/Default/usercp/editpassword.php, /Exero_CMS_1-0-1/themes/Default/usercp/avatar.php, /Exero_CMS_1-0-1/themes/Default/custompage.php, /Exero_CMS_1-0-1/themes/Default/errors/404.php, /Exero_CMS_1-0-1/themes/Default/members/memberslist.php, /Exero_CMS_1-0-1/themes/Default/members/profile.php, /Exero_CMS_1-0-1/themes/Default/news/index.php, /Exero_CMS_1-0-1/themes/Default/news/fullview.php, /Exero_CMS_1-0-1/themes/Default/nopermission.php.
A remote SQL injection vulnerability exists in phpBP <= RC3 (2.204) FIX4. An attacker can send a specially crafted HTTP request containing an SQL query to the vulnerable script, which will then be executed in the context of the web server process. This can be exploited to manipulate SQL queries by e.g. injecting arbitrary SQL code. This can be exploited to disclose the contents of the database, modify data, or gain access to sensitive information such as user credentials.
Multiple Timesheets version 5.0 and prior are vulnerable to Directory Traversal, Cross Site Scripting and Cookie Manipulation. An attacker can exploit these vulnerabilities to gain access to sensitive information, manipulate cookies and execute arbitrary code on the vulnerable system.
This is a stack based buffer overflow vulnerability in Rosoft Media Player 4.1.8. It is similar to one discovered by Juan Pablo Lopez Yacubian. This vulnerability concerns RML files, and it is possible to overwrite EIP. A proof of concept code is provided which creates a malicious RML file with 5000 A characters.
Fuzzylime CMS version 3.01 and below is vulnerable to a Remote File Inclusion vulnerability. This vulnerability is due to a failure in the application to properly sanitize user-supplied input to the 'admindir' parameter of the 'display.php' script. An attacker can exploit this vulnerability to include arbitrary remote files, allowing for the execution of arbitrary PHP code. The attacker can also gain access to the web server process user privileges.
This exploit allows a remote attacker to execute arbitrary code on a vulnerable system. It is triggered by sending a specially crafted IMAP POST AUTH request to the vulnerable system. The exploit is written in Python and is capable of exploiting Windows 2000, Windows XP and Windows 2003 systems.
This exploit causes a denial of service on rpc.metad in SunOS 5.10 Sun Cluster. It uses a buffer overflow to send a large amount of data to the server, causing it to crash.
This exploit allows an attacker to print out all E-Mails for any account if a special configuration option is set.
Services By CQR