A vulnerability exists in Image file upload by Bloody (http://www.bloodys.com/)!talian script: insufficient validation of the uploaded file allows an attacker to upload a malicious shell to the server.
An attacker can exploit this vulnerability by sending a maliciously crafted URL to the target user. The URL contains malicious JavaScript code that is executed in the user's browser when the URL is accessed. The code can set a cookie with the name 'admin_log', value 'indoushka' and path '/'. This allows the attacker to log in to the application without a password.
e-cart 3.0 is vulnerable to Backup, Upload Shell and RFI vulnerabilities. An attacker can exploit these vulnerabilities to gain access to the system and execute malicious code. The Backup vulnerability allows an attacker to access the backup files of the system. The Upload Shell vulnerability allows an attacker to upload a malicious file to the system. The RFI vulnerability allows an attacker to inject malicious code into the system.
The vulnerability exists in e-pay 1.55, which allows a remote attacker to include a remote file via the '_REQUEST[read]' parameter in the 'a_affil.php' and 'popup.php' scripts. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.
An attacker can access the backup.gz file from the server by accessing the URL http://server/epay/backup/backup.gz
An attacker can upload a malicious shell to the vulnerable Lizard Cart application by exploiting the upload feature. The malicious shell can be uploaded in the form of .php, .html, .pl, and .asp files. The uploaded shell can be accessed from the graphics folder of the application.
ES Simple Uploader v 1.1 is vulnerable to an upload shell vulnerability. An attacker can exploit this vulnerability by uploading a malicious file to the uploads/images/ directory, which can be accessed via the URL http://server/script/uploads/images/Ev!l.php. The attacker can then execute arbitrary code on the server.
FreeForum 1.7 is vulnerable to a Remote File Inclusion (RFI) vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow an attacker to execute arbitrary code on the vulnerable system.
A Cross Site Scripting (XSS) vulnerability exists in FreeForum 1.7, which allows remote attackers to inject arbitrary web script or HTML via the index.php and/or the ? parameters. An attacker can exploit this vulnerability to execute malicious JavaScript code in the browser of an unsuspecting user in the context of the affected site.
A vulnerability in EZPX My photoblog allows an attacker to upload a malicious shell to the server. The attacker can access the shell by visiting the URLs http://server/ezpx-1.2-beta/index.php?/admin/photos/upload and http://server/ezpx-1.2-beta/content/photos.