A local file inclusion vulnerability exists in DomPHP 0.82. An attacker can exploit this vulnerability to include arbitrary files from the local system. This can be exploited to gain access to sensitive information or execute arbitrary code on the vulnerable system. The vulnerable code is located in the /aides/index.php file. The code allows an attacker to include arbitrary files from the local system by sending a specially crafted HTTP request containing directory traversal characters. This can be exploited to include arbitrary files from the local system.
Limbo 1.0.4.2 and probably lower versions are vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
A buffer overflow vulnerability exists in AxRUploadServer.dll, a component of ImageStation that is a servicemark of Sony Electronics Inc. An access violation occurs when executing 0x42424242. An attacker can exploit this vulnerability by sending a specially crafted string of 5922 'A' characters followed by 5 'B' characters to the SetLogging method of the ez-Upload control. This will cause a buffer overflow and allow arbitrary code execution.
When parsing an asx file with a long URL a stack overflow occurs. An url with 1096 A ( http://AAAAA....) will overwritte ESI and crash the program.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The crafted request contains a malicious SQL query in the ‘id’ parameter of the ‘func=detail’ component of the vulnerable application. The malicious SQL query can be used to extract sensitive information from the database, such as usernames and passwords.
An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
PowerNews (Newsscript) has Multiple Local File Include vulnerabilities. Non-authentication user can directly access to this scripts and administrator can include local files.
An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames, passwords, and emails stored in the database.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The crafted request contains a malicious SQL query in the 'sid' parameter of the 'index.php' script. This can allow the attacker to access the application's database and extract sensitive information.
This vulnerability allows remote attackers to upload arbitrary files to the vulnerable application. The vulnerability is due to the application not properly validating the file type of the uploaded file. This can be exploited to upload and execute arbitrary code on the vulnerable system.
Services By CQR