The Net Side Content Management System is vulnerable to remote file inclusion. This can be exploited by an attacker by manipulating the 'cms' parameter in the URL to include arbitrary files from remote servers. The vulnerability exists in two versions of the script, and the proof of concept demonstrates how an attacker can include a remote text shell. This vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerabilities in Live Wire for Wordpress allow an attacker to launch denial-of-service attacks, execute arbitrary script code, gain access to sensitive information, and steal authentication credentials. The attacker can exploit these vulnerabilities by sending malicious requests to the affected URLs.
The vulnerability allows an attacker to include a remote file via the 'mosConfig_absolute_path' parameter in the ImageManager.php file.
This exploit allows remote code execution through OLE Automation Array in pre-IE11 versions of Internet Explorer. The exploit was originally created by yuange and can be found on http://www.exploit-db.com/exploits/35229/. The rework of the exploit was done by GradiusX and b33f. The exploit uses the Veil-Framework and powershell/shellcode_inject/virtual shellcode. More information on how to use the exploit can be found on http://www.fuzzysecurity.com/exploits/21.html.
This vulnerability allows an attacker to inject SQL commands into the NewsID parameter of the page.asp file, potentially leading to unauthorized access to the database. An example of a possible exploit is provided in the text.
This exploit allows an attacker to perform a blind SQL injection attack on the ScriptMagix Lyrics <= 2.0 script. By exploiting this vulnerability, an attacker can retrieve the username and password of the admin user.
The iFRAME for PhpNuke (iframe.php) script is vulnerable to remote file inclusion. An attacker can include remote files by manipulating the 'file' parameter in the URL. This can lead to remote code execution and compromise of the affected system. The vulnerability exists in the iframe.php script.
This exploit allows an attacker to include arbitrary files from the local file system by manipulating the 'logi' parameter in the view.php file. By using directory traversal techniques, an attacker can access sensitive files such as /etc/passwd.
This exploit allows an attacker to gain system privileges by exploiting the Windows 2K Utility Manager. It gives the attacker a shell with system privileges. The exploit involves finding the Utility Manager window, sending specific messages to open the Open File dialog, setting the text to filter the listview to display only cmd.exe, and sending keystrokes to navigate and select the cmd.exe file. Finally, a context menu is triggered to execute the cmd.exe file with system privileges.
The FeedList Plugin for Wordpress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Services By CQR