A vulnerability exists in phpwebthings version 1.5.2 and earlier that allows an attacker to include arbitrary files from the server. The cause is that the application does not properly sanitize user-supplied input to the 'module' parameter of the 'help' script. An attacker can exploit this to include arbitrary local files, such as the server's /etc/passwd file, resulting in the disclosure of sensitive information.
The vulnerability exists due to insufficient sanitization of the 'username' parameter in the 'login.php' script. An attacker can inject arbitrary SQL commands and gain unauthorized access to the application. The exploit is achieved by sending a specially crafted HTTP request containing a malicious 'username' parameter.
Insecure cookies: javascript:document.cookie="freeticket_cookie=[admin_name];path=/freeticket/"
SQL injection: admin.php?action=viewticket&id=[sql code], where [sql code] = 156+union+select+1,concat(user(),0x3a,database(),0x3a,version()),3,4,5,6,7,8,9,10--
A vulnerability in Desi Short URL Script allows an attacker to set arbitrary cookies in the victim's browser, which can be exploited to gain administrative access to the application. The vulnerability is due to the application not properly verifying cookie values; arbitrary cookies can be set by sending a specially crafted HTTP request to the vulnerable application.
The 'page' variable is not properly initialized or validated in the index.php file, which allows for Local or Remote File Inclusion. If allow_url_fopen is set to on, Remote File Inclusion is possible; if magic_quotes_gpc is set to off, Local File Inclusion is possible. The PoC for this vulnerability is http://localhost/Scripts/app_and_readme/navigator/index.php?page=/etc/passwd for LFI and http://localhost/Scripts/app_and_readme/navigator/index.php?page=[EVIL_CODE] for RFI.
LightNEasy contains a flaw that allows an attacker to disclose local files: because the 'page' argument is passed to file_get_contents without validation, it is possible to retrieve the configuration file by supplying '../data/config.php' as the argument. Example: http://[host]/LightNEasy.php?page=../data/config.php
The DX Studio Player plug-in for Firefox is vulnerable to remote command execution.
A vulnerability in Joomla com_vehiclemanager 1.0 allows an attacker to include a remote file via the mosConfig_absolute_path parameter of the toolbar_ext.php script.
A vulnerability in Joomla com_realestatemanager 1.0 allows remote attackers to include arbitrary files via a URL in the mosConfig_absolute_path parameter to toolbar_ext.php.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application, which can allow the attacker to gain access to sensitive information, such as usernames and passwords, stored in the back-end database.