A vulnerability exists in Greenwood Content Manager, which allows a remote attacker to execute arbitrary code on the vulnerable system. This is due to the application failing to properly sanitize user-supplied input to the 'content_path' parameter of the '/include/processor.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request containing arbitrary code to the vulnerable script. This will cause the code to be executed in the context of the web server process.
PHPGenealogy v2.0 is vulnerable to a Remote File Inclusion vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it on the vulnerable server. This vulnerability exists due to insufficient sanitization of user-supplied input to the 'DataDirectory' parameter in 'CoupleDB.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the 'DataDirectory' parameter.
ZenPhoto 1.2.5 is vulnerable to a completely blind SQL injection vulnerability. This vulnerability can be exploited to extract the username and password hash of the admin from the database, as well as to login to the admin panel without knowing the plain text password. The exploit works by exploiting the fact that the sanitize function does not escape single quotes.
The vulnerability exists due to insufficient validation of user-supplied input in the 'fichier' parameter of the 'download.php' script. This can be exploited to download arbitrary files from the server by passing a relative path to the file in the 'fichier' parameter.
AudioPLUS 2.00.215 is vulnerable to a universal Seh Overwrite Exploit. This exploit was first discovered by hack4love and is applicable to .m3u and .lst file extensions. The exploit involves overflowing a buffer with malicious code and overwriting the SEH handler.
Multiple vulnerabilities in ILIAS LMS 3.10.7/3.9.9 allow remote attackers to obtain sensitive information and modify data via unspecified vectors.
My Category Order is a WordPress plugin that allows users to order categories in the WordPress admin panel. A vulnerability exists in the plugin that allows an attacker to inject arbitrary SQL commands into the application. This can be exploited to gain access to the underlying database and potentially gain access to sensitive information.
A buffer overflow vulnerability exists in Icarus 2.0 (.ICP File) due to improper bounds checking of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This vulnerability is triggered when a specially crafted .ICP file is opened in the application. This vulnerability is exploited by overwriting the SEH handler with a malicious payload.
Icarus 2.0 is vulnerable to a stack-based buffer overflow vulnerability. The vulnerability is triggered when a maliciously crafted .plf file is loaded into the application. This can be exploited to execute arbitrary code by overwriting the saved return address with the address of the malicious code. The exploit code generates a malicious .plf file which contains a shellcode encoded with Alpha2.
Mobilelib Gold v3 is vulnerable to a local file disclosure vulnerability. This vulnerability allows an attacker to read any file on the server, including sensitive files such as /etc/passwd. This vulnerability is due to the fact that the application does not properly sanitize user-supplied input. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable server.
Services By CQR