MAXcms 3.11.20b is vulnerable to Remote File Disclosure and Remote File Inclusion. In /includes/inc.thcms_admin_dirtree.php, the application is vulnerable to Remote File Disclosure when the parameter 'getjs' is set to '1' and the parameter 'thCMS_root' is set to 'inc.thcms_admin_dirtree.php%00'. In /includes/file_manager/special.php, the application is vulnerable to Remote File Inclusion when the parameter 'fm_includes_special' is set to a URL.
This flaw allows a guest to insert arbitrary SQL statments in the affected query.
There are many SQL Injection flaws but I post the only one that allows a guest to bypass the login. This bug allows a guest to bypass the login. login.php: $username = $_POST["nick"]; $password = md5($_POST["password"]); if ($data = $DB->usercheck($username, $password)) db.php: function usercheck($username, $password) { $try = mysql_query("SELECT * FROM users WHERE nick="'.$username."""" AND password=""'.$password."""" "");"
Arab Portal version 2.2 is vulnerable to a Local File Include vulnerability. This vulnerability allows an attacker to include a local file on the web server. The conditions for this vulnerability to be exploited are that Magic_quotes must be off and Register Globals must be on. The method used to bypass the 'direct access' is a LFI.
This exploit is a local buffer overflow exploit for Blaze HDTV Player 6.0. It is triggered when a specially crafted .PLF file is opened, which causes a buffer overflow and overwrites the SEH handler. This allows an attacker to execute arbitrary code on the vulnerable system.
RadASM 2.2.1.5 is vulnerable to a format string vulnerability. By creating a specially crafted .mnu file, an attacker can overwrite the ECX register and execute arbitrary code. The vulnerability is triggered when the application attempts to open the malicious .mnu file.
A vulnerability exists in Powered by Multi Website 1.5, which allows an attacker to inject arbitrary SQL commands via the 'action' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to the database, and can also execute arbitrary commands on the server.
MediaCoder 0.6.2.4275 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the application when handling a specially crafted .lst file. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a malicious .lst file. Successful exploitation could result in arbitrary code execution.
Elvin BTS 1.2.2 is vulnerable to SQL injection and Cross-Site Scripting (XSS). An attacker can exploit these vulnerabilities to gain access to sensitive information, execute arbitrary SQL commands, and inject malicious scripts into the web page.
Questions Answered v1.3 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can allow an attacker to bypass authentication and gain access to the application.
Services By CQR