PHP-Nuke is vulnerable to Cross-site Scripting (XSS) and HTML Injection attacks due to insufficient sanitization and validation of user-supplied input. An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable parameter 'score' in the 'modules.php?name=News&op=rate_complete&sid=6&score' URL. This will allow the attacker to execute arbitrary HTML and JavaScript code in the browser of the victim.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users.
Power BB 1.8.3 is vulnerable to a remote file include vulnerability due to the use of the $_SERVER['DOCUMENT_ROOT'] variable in the include statement. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable server. The malicious URL contains the path to the attacker's malicious file, which is then included in the vulnerable application. This can lead to remote code execution on the vulnerable server.
SAPID-SHOP-1.3 is vulnerable to a remote file include vulnerability. This vulnerability exists due to insufficient sanitization of user-supplied input in the 'root_path' parameter of the 'get_tree.inc.php' script. An attacker can exploit this vulnerability to include a remote file containing malicious code and execute it in the context of the webserver process. This can be exploited to gain access to the server.
The MundiMail software is vulnerable to command injection due to the use of System() and Exec() without proper security practices. An attacker can exploit this vulnerability by sending a malicious command in the 'mypid' and 'idtag' parameters of the 'status/index.php' page. This will allow the attacker to execute arbitrary commands on the server.
Notepad is vulnerable to a Remote File Inclusion (RFI) vulnerability which allows an attacker to include a remote file containing arbitrary code, resulting in arbitrary code execution on the vulnerable server. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'GLOBALS[OCSP][DEFAULTCONFPATH]' and 'GLOBALS[PROJECT][PHPINCPATH]' parameters in the 'newClient.php', 'index.php', 'calendar.php' and 'forms/calendar.php' scripts. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the vulnerable parameter.
This exploit allows an attacker to gain access to the user credentials of the website by exploiting a SQL injection vulnerability in the 'index.php' page. The attacker can use the 'cat' parameter to inject a malicious SQL query which will return the user credentials from the 'itaf_user' table.
Orzex.py is a Python script that exploits a format string vulnerability in the OrzHTTPd web server. The vulnerability is caused by improper handling of user-supplied input in the GET request. The exploit sends a specially crafted payload containing a format string to the vulnerable server, which can be used to overwrite the return address of the function and execute arbitrary code. The exploit also sends a trigger request to the server to execute the malicious code.
AIMP2 is vulnerable to a buffer overflow vulnerability when a specially crafted Unicode string is passed as an argument to the application. This can be exploited to execute arbitrary code by overwriting the EIP register with a pointer to the shellcode. The exploit was demonstrated by corelanc0d3r on his blog and was encoded using Skylined's alpha2 encoder.
Thatware is vulnerable to multiple remote file include vulnerabilities. An attacker can exploit them by sending malicious payloads to the vulnerable parameters. For example, in config.php, line 4, an attacker can send malicious payloads to the root_path parameter. Similarly, in artlist.php, line 28, and in thatfile.php, line 130, an attacker can send malicious payloads to the root_path parameter.