ZeroShell is prone to an arbitrary code execution vulnerability due to an improper input validation mechanism. An aggressor may abuse this weakness in order to compromise the entire system. Authentication is not required in order to exploit this flaw. Proof of concept: /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;<CMD HERE>;%22 In addition to the Unix commands, it is possible to abuse the ZeroShell scripts themself. For instance it is likely to use the "getkey" script in order to retrieve remote files, including the content in the html page.
An unauthenticated user may directly invoke the "SaveCfgFile" CGI program and easily download the system configuration containing configuration information, users, passwords, wifi keys and other sensitive information.
A buffer overflow vulnerability exists in the HTTP protocol version string of a vulnerable server. An attacker can exploit this vulnerability by sending a malicious version string to the vulnerable server. This can cause a denial of service or potentially allow the attacker to execute arbitrary code on the vulnerable server.
YANOCC is a simple and fast webmail client which can handle POP3, SMTP, and IMAP servers. YANOCC is based on NOCC's code and is written with PHP4. It features multi-language support, MIME attachments, displays HTML messages, address book, folder support. In file check_lang.php, if the $lang variable is not set, it will take the value of the $HTTP_ACCEPT_LANGUAGE variable and check if the file exists in the lang directory. If the file does not exist, it will set the $lang variable to the default language. This can be exploited to include arbitrary local files by passing a relative path in the lang parameter.
ZeroBoardXE (VERSION 1.1.5 (09.01.22)) is a widely used bulletin board system of Korea. It is freely available for all platforms that supports PHP and MySQL. A Cross-Site Scripting (XSS) vulnerability was discovered in the 'removeHackTag' function of the 'func.inc.php' file. By exploiting this vulnerability, an attacker can gain administrator privileges and control the board system fully.
Discovered by MisterRichard, FlexCMS is vulnerable to a Remote SQL Injection vulnerability. This vulnerability allows an attacker to gain access to the database of the application. The injection can be performed by appending a malicious SQL query to the vulnerable parameter in the URL. The vulnerable parameter is 'catId' and the malicious SQL query is 'union all select 1,2,3,concat(username,char(58),password)+from+users--'. This query will return the username and password of all users in the database.
The vulnerability is a Remote File Include and Remote XSS vulnerability. The Remote File Include vulnerability can be exploited by sending a maliciously crafted HTTP request to the vulnerable server, containing a URL in the _SESSION[SCRIPT_PATH] parameter, which can be used to include a remote file from an arbitrary external source. The Remote XSS vulnerability can be exploited by sending a maliciously crafted HTTP request to the vulnerable server, containing a malicious JavaScript code in the language parameter, which will be executed in the browser of the victim.
AdaptCMS Lite 1.4 is vulnerable to Remote File Include and Remote XSS. An attacker can exploit this vulnerability by sending a maliciously crafted URL to the vulnerable application. The Remote File Include vulnerability can be exploited by sending a maliciously crafted URL to the vulnerable application. The Remote XSS vulnerability can be exploited by sending a maliciously crafted URL to the vulnerable application. The Cross Site Scripting in URI and path can be exploited by sending a maliciously crafted URL to the vulnerable application.
Hedgedog-CMS version 1.21 and prior are vulnerable to a remote command execution vulnerability. An attacker can exploit this vulnerability by sending a malicious POST request to the specialacts.php script. This will allow the attacker to upload a malicious PHP shell to the user/upload/ directory. The attacker can then execute arbitrary commands on the vulnerable system by sending a GET request to the uploaded shell.
This exploit allows an attacker to execute arbitrary commands on a vulnerable system. The vulnerability exists in the PHP Director CMS, which is vulnerable to a SQL injection attack. The attacker can craft a malicious SQL query that will inject a malicious PHP script into the vulnerable system. The script will then be executed when the attacker sends a specially crafted HTTP request to the vulnerable system.
Services By CQR