Sine cms is affected by a local file inclusion vulnerabily with register_globals on. Usually, this is a correctly code, with no possible exploitation. But if register_globals is ON, we can edit via GET the $sine[config][index_main] value, and then, using null byte, we'll get a local file inclusion vulnerability like: http://localhost/sinecms/mods/Integrated/index.php?sine[config][index_main]= {FILE_TO_INCLUDE}%00 But pay attention, in this way the include_one functio will be disabled, so we can't include a php file.
DCP Portal version 6.11 is vulnerable to a remote SQL injection vulnerability. This vulnerability is due to the lack of proper sanitization of user-supplied input to the 'cid' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The exploit code uses the '%27' character to bypass the filter and inject malicious SQL code into the query.
NetRisk contains of other SQL Injection/XSS/LFI bugs in other pages. An attacker can exploit these vulnerabilities to gain access to sensitive information such as login credentials and cookies.
Preg_replace with 'e' modifier allows code execution. An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable parameter 'text' in the 'html.php' file.
Horde Web-Mail is vulnerable to a remote file disclosure vulnerability due to insufficient validation of user-supplied input. An attacker can exploit this vulnerability to read arbitrary files from the vulnerable server.
A vulnerability in Loudblog version 0.6.1 and earlier allows remote attackers to execute arbitrary code via a crafted template parameter in a parse_old.php request.
PortalApp is a Content Management System (CMS) for websites. The user input 'sortby' is directly used in query statement. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The crafted request contains malicious SQL statements that can be used to extract sensitive information from the database.
Newbb_plus version 0.92 and below is vulnerable to a SQL injection vulnerability. This vulnerability allows an attacker to gain access to the hashed passwords of users in the database. The attacker needs to have magic_quotes_gpc turned off and a MySQL version higher than 4.1 to exploit this vulnerability.
This file allowed you to upload directly a PHP script or anything you want it. You have just to enter into http://[TARGEt]/[path_wordpress]/wp-content/plugins/wp-filemanager/ajaxfilemanager/ajaxfilemanager.php. After uploading you evil script you will find it in this directory http://[TARGEt]/[path_wordpress]/uploaded/[evil].(php). HeRe we are some dorks: plugins/wp-filemanager/ inurl:/wp-filemanager/
When magic_quotes_gpc is disabled, its possible to bypass extension check via null character injection ( because of null terminating behavior in any function that uses fopen_wrappers ) which could result in source code disclosure. It is also possible to inject malicious php code via as_dir parameter which could result in local file inclusion.
Services By CQR