AWCM v2.1 is vulnerable to Local File Disclosure and Authentication Bypass. The Local File Disclosure vulnerability exists due to insufficient sanitization of user-supplied input in the 'a' parameter of the 'a.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can allow an attacker to read arbitrary files from the server. The Authentication Bypass vulnerability exists due to insufficient sanitization of user-supplied input in the 'username' and 'password' parameters of the 'login.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can allow an attacker to bypass authentication and gain access to the application.
GLinks v2.1 is vulnerable to a blind SQL injection vulnerability. This vulnerability allows an attacker to execute arbitrary SQL queries on the vulnerable system. The vulnerability is located in the 'cat' parameter of the 'index.php' script. An attacker can inject malicious SQL queries into the vulnerable parameter and execute them on the vulnerable system. This can be exploited to gain access to the vulnerable system and to sensitive data stored in the database.
e107 Plugin my_gallery 2.4.1 is vulnerable to a Remote File Inclusion vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it on the vulnerable server. This can lead to the attacker gaining access to sensitive information, such as passwords, or even full control of the server.
Winmod 1.4 is vulnerable to a local stack overflow vulnerability. This exploit was discovered by CWH Underground and tested on Windows XP SP2 EN. The exploit creates a malicious .lst file containing shellcode that can be used to execute arbitrary code on the vulnerable system.
Phorum's filtering engine insufficiently filters some BBcode arguments. Using the BBcode tags [color] and [size], it is possible to execute JavaScript using the expression CSS property. For IE6, the user can use the BBcode [color=#000000;background-image:url(javascript:alert('Sysdream_IE6_Alert'));]Sysdream Testing IE6[/color]. For IE7, the user can use the BBcode [color=#000000;xss:expression(alert('Sysdream_IE7_Alert'));]Sysdream Testing XSS[/color]. For Firefox and IE8, the user can upload an htc or xml file to the Phorum installation using the 'My Files' function in 'Control Center' and use the BBcode [color=#000000;-moz-binding:url(http://127.0.0.1/phorum/file.php?0,file=9,filename=script.xml#mycode);]Sysdream Testing FF[/color] or [color=#000000;behavior:url(http://127.0.0.1/phorum/file.php?0,file=8,filename=script.htc);]Sysdream Testing FF[/color].
This exploit is a universal buffer overflow exploit for the WINMOD 1.4 application. It was tested on Windows XP SP2 FR and was originally published on milw0rm.com by Dz_Girl. The exploit uses shellcode to execute a calculator program.
A local heap overflow vulnerability exists in otsAV 1.77.001 when a specially crafted .ofl file is opened. This can be exploited to cause a stack-based buffer overflow by corrupting the heap memory. Successful exploitation may allow execution of arbitrary code.
Meta Search Engine 1.0 is vulnerable to a Remote File Inclusion vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, containing arbitrary code. This code is then executed on the web server.
The Web Business Directory 1.0 (search.php) is vulnerable to SQL Injection and XSS. An attacker can exploit this vulnerability by sending malicious SQL queries and XSS payloads to the vulnerable parameter 'st' in the search.php file.
An attacker can bypass authentication by entering 'or 1=1/*' as the username and password in the login page of APBook 1.3.0. This will allow the attacker to log in as an admin.