EvilBoard is vulnerable to XSS and Remote SQL Injection. An attacker can exploit this vulnerability by sending a malicious payload in the 'c' parameter of the index.php page. This payload can be used to execute arbitrary JavaScript code in the context of the user's browser or to inject malicious SQL commands into the database.
An attacker can bypass the avatar upload extension filter by editing the Content-Type property: submitting a request to index.php?act=usercp&action=avatar with a Content-Type of application/x-php and a filename of shell.php containing malicious code.
Smallnuke CMS version 2.0.4 and below is vulnerable to SQL injection in the password recovery feature. This vulnerability allows an attacker to gain access to the hashed passwords of users in the database. Exploitation requires magic_quotes_gpc to be turned off and a MySQL version higher than 4.1.
TUTOS is vulnerable to command execution. An attacker can execute arbitrary commands on the vulnerable system by sending a specially crafted HTTP request to the server. The vulnerable parameter is 'cmd', located in the 'cmd.php' file, which can be accessed without any authentication.
eggblog version 3.1.0 and below is vulnerable to SQL injection in the cookies. This vulnerability allows an attacker to extract the hashed password of a user from the database. Exploitation requires magic_quotes_gpc to be turned off and a MySQL version higher than 4.1.
EkinBoard version 1.1.0 and below is vulnerable to an authentication bypass. An attacker can bypass the authentication check by setting the _groups[] parameter to 2. This can be done by appending the parameter to the URL, for example: test1.ru/skvoznoy/backup.php?_groups[]=2. Additionally, the upload function can be used to upload any file, bypassing the filters. The attacker can name the shell file.php.gif and select it as their avatar. The uploaded file can then be found at the path uploaded/avatars/filename_your_id.php.
FlexBB <= 0.6.3 is vulnerable to SQL injection in the cookies. This vulnerability allows an attacker to gain access to the database and extract the hashed password of a user. Exploitation requires magic_quotes_gpc to be turned off and a MySQL version higher than 4.1.
Multiple SQL Injection vulnerabilities (authentication bypass) exist in OneCMS. A remote attacker can bypass the login form regardless of magic quotes setting by providing a username of 'admin' or 1=1 /* and any password. This allows the attacker to do administration tasks such as file upload. Additionally, an arbitrary file upload vulnerability exists in the upload.php script, allowing an attacker to upload malicious files to the server. This vulnerability is only exploitable if magic_quotes_gpc is set to Off.
A Denial of Service vulnerability was found in Counter Strike 1.6, which works only with no-steam servers. The bug was found by Maxim Suhanov (THE FUF). An attacker can exploit this vulnerability by sending a malicious request to the server, causing it to crash.
A vulnerability exists in Shop-Script 2.0 which allows an attacker to disclose sensitive information by sending a specially crafted HTTP request containing directory traversal sequences. An attacker can exploit this vulnerability to view arbitrary files on the target system.