GLINKS v2.1 is vulnerable to a Remote File Include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a malicious URL in the 'abspath' parameter of the 'header.php' script. This malicious URL can be used to include a remote file containing arbitrary malicious code which will be executed by the vulnerable server.
A vulnerability in clicktech.com's clickcart 6.0 software allows an attacker to bypass authentication and gain access to the system. The vulnerability is caused by a SQL injection in the customer_login.asp page, which allows an attacker to use the 'r0' or '1=1--' username and password combination to gain access.
A vulnerability in WholeHogSoftware Password Protect allows an attacker to set an adminid cookie to 8, granting them administrative access to the application. This is done by using a malicious JavaScript payload, which sets the cookie to 8 and sets the path to '/'. This vulnerability affects versions prior to 1.0.1.
WholeHogSoftware Ware Support is prone to an insecure cookie handling vulnerability. An attacker can exploit this issue by setting the 'adminid' cookie to '8', which grants administrative access to the application.
OpenHelpDesk version 1.0.100 is vulnerable to PHP code execution due to improper use of eval(). The php.ini register_globals directive is *not* required to be on to exploit this vulnerability. There is no known public exploit for this vulnerability.
This exploit allows an attacker to execute arbitrary code on a vulnerable system. It takes advantage of a vulnerability in the phpsploit <= 0.8.1.1 web application, which allows an attacker to inject malicious code into the application. The exploit then uses a combination of PHP functions to bypass security measures and execute the code.
eVision CMS 2.0 is vulnerable to arbitrary file upload. When a user uploads a file, the .gif extension is appended to it. However, this CMS is also vulnerable to Local File Inclusion, so we can include the .gif file and execute it.
This exploit allows an attacker to execute arbitrary commands on a vulnerable system. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'message' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable script. Successful exploitation of this vulnerability can result in arbitrary code execution on the vulnerable system.
This exploit allows an attacker to gain access to the password of a user in the phpBLASTER 1.0 RC1 CMS. The exploit uses a blind SQL injection vulnerability to gain access to the password of the user. The exploit sends a specially crafted HTTP request with a malicious cookie to the server. If the cookie is accepted, the server will take more time to respond, indicating that the exploit was successful.
Elecard AVC HD PLAYER is prone to a local stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.