DatalifeEngine 8.2 is prone to a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the vulnerable application.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'com_gameserver' component. A remote attacker can execute arbitrary SQL commands in the application's database, cause a denial of service, access or modify sensitive data, or exploit other vulnerabilities in the underlying SQL server.
A vulnerability exists in Ve-EDIT v0.1.4 (debug_php.php) which allows an attacker to include a local file via the 'filename' parameter of the 'debug_php.php' script. This can be exploited to execute arbitrary PHP code by including files from local resources.
The vulnerability is found in the phpBB3 addon prime_quick_style. The POST parameter 'prime_quick_style' is injectable. After login, the user can manipulate the content from the 'prime_quick_style'-parameter. This will result in an update query to the USER_TABLE with the user_type set to 3 and user_permissions set to '', granting the user admin privileges.
This entry describes a buffer overflow vulnerability in akPlayer 1.9.0. The exploit is universal and overwrites the SEH handler to execute shellcode. It was discovered by TiGeR-Dz in 2009 and was published on milw0rm.com.
Hamster Audio Player 0.3a is prone to a local buffer overflow when a specially crafted Associations.cfg file is opened. This can be exploited to execute arbitrary code by corrupting the SEH chain.
A remote file inclusion vulnerability exists in Kingcms v0.6.0, which allows an attacker to include a remote file via the CONFIG[AdminPath] parameter in the menu.php script.
Xstate Real Estate 1.0 is vulnerable to blind SQL injection (bSQL) and cross-site scripting (XSS). The vulnerable code is present in page.html (pid parameter) and in home.html (/) and lands.html (/d). The PoC for bSQL is http://127.0.0.1/page.html?pid=[bSQL]; the PoCs for XSS are http://127.0.0.1/home.html/[XSS] and http://127.0.0.1/lands.html/[XSS]. The demo URLs for bSQL are http://demo.xstate.org/page.html?pid=1 and 1=1 (TRUE) and http://demo.xstate.org/page.html?pid=1 and 1=2 (FALSE). The demo URLs for XSS are http://demo.xstate.org/home.html/"><script>alert(document.cookie);</script> and http://demo.xstate.org/lands.html/"><script>alert(document.cookie);</script>.
A vulnerability in Joomla Component Com_Agora allows an attacker to include local files on the server. This vulnerability is due to insufficient sanitization of user-supplied input to the 'page' parameter in the 'index.php' script when handling requests to the 'com_agora' component. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable script. Successful exploitation will result in arbitrary local file inclusion.
The vulnerability exists due to improper sanitization of user-supplied input in the 'portalid' parameter of the 'index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to bypass certain security restrictions, read or modify certain data, or exploit latent vulnerabilities in the underlying database.