Jinzora Media Jukebox versions 2.8 and prior are vulnerable to local file inclusion. The vulnerability is due to the application's failure to properly sanitize user-supplied input to the 'name' parameter of the 'index.php' script. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. This may result in a loss of integrity.
The user name is not checked before being used in the SQL query, so we can inject ' or 1 or username=' as the user name and get in as admin. Once logged in as admin, the Admin panel is enabled. Add a new self-hosted game and, when asked for "Thumb File" and "SWF Game File", choose your PHP shell file (or any other file you want to upload to the server). The file you uploaded is now saved in the "games directory" and "thumbs directory". To find out where they are located, choose "Site Settings" from the Admin panel.
This exploit targets the Syzygy CMS 0.3 application by way of its Local File Inclusion (LFI) vulnerability. It creates a remote shell via SQL injection and then spawns that shell via LFI.
A vulnerability is caused by an input validation error when handling FTP "DELE", "RETR", "MKD" and "RMD" requests. This can be exploited to escape the FTP root and delete arbitrary files, get arbitrary files, create arbitrary directories, or delete arbitrary directories on the system via directory traversal attacks using the "../" character sequence. A second vulnerability is caused by an error in handling the RETR command. This can be exploited to crash the FTP service by sending the "RETR" command without sending the "PORT" command.
This exploit allows an attacker to execute arbitrary commands on a vulnerable Codice CMS 2 installation. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious PHP code in the 'tag' parameter of the 'index.php' script.
eXeScope 6.50 is vulnerable to a local buffer overflow. The vulnerability is caused by a boundary error when handling a specially crafted executable file. This can be exploited to cause a stack-based buffer overflow when eXeScope 6.50 opens a malicious executable file. Successful exploitation could result in arbitrary code execution.
The web application fails to validate and/or HTML-encode user input when handling erroneous requests. This allows an attacker to inject HTML and client-side scripts into the victim's browser by creating suitable links. The web application also fails to validate and/or HTML-encode user input when displaying error messages. This allows an attacker to inject HTML and client-side scripts into the victim's browser by creating suitable requests. CMC-TC PU II uses sequential session IDs. This allows an attacker to predict valid session IDs and hijack user sessions. CMC-TC PU II is shipped with a default configuration which allows remote command execution. This allows an attacker to execute arbitrary commands with root privileges.
This exploit allows remote command execution using an LFI and log file pollution via the User-Agent string. It works with register_globals = off and PHP 5.
This exploit targets a local privilege escalation vulnerability in Apple Mac OS X 792.0 <= xnu <= 1228.x. It was discovered by mu-b in 2008 and tested on Apple Mac OS X 10.4.8 (xnu-792.14.14.obj~1/RELEASE_I386) to Apple Mac OS X 10.5.6 (xnu-1228.9.59~1/RELEASE_I386). The exploit is a bash script which creates a disk image and attaches it to the system. It then executes the exploit, which can be used to gain root access.
This exploit is a proof of concept for a local kernel DoS vulnerability in Apple Mac OS X xnu <= 1228.x. It creates multiple threads that call the sysctl() function with a specially crafted argument, which causes the kernel to crash.