WP Plugin Lytebox is vulnerable to Local File Include and Remote Code Execution. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. This will allow the attacker to read sensitive files from the server and execute arbitrary code on the server.
cpCommerce contains one flaw that allows an attacker to include a remote or local file because of require_once() in _functions.php. The vulnerability is due to the $prefix variable being passed to the require_once() function in _functions.php, which can be manipulated to include arbitrary files.
Mole Adult Portal Script is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries in the back-end database, allowing the attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This CMS also has other vulnerabilities, such as SQL Injections, but, unfortunately, whoever wrote this CMS was a bit of an idiot, because they declared functions called, for example, 'try', forgot some ';' or '}' somewhere... Call me lazy or what you want but I don't want to spend time fixing a CMS just to code an exploit ... Exploit: http://hostname/myfirstcms/delete.php?file=[file_to_delete]
A bug was discovered in the way FreeBSD, OS X and Solaris (prior to version 10) handle symlinks appended with a slash (/). Accessing a regular file through a symbolic link with an appended slash succeeds because the slash apparently gets silently dropped. On systems that do not exhibit this behaviour, a call to stat("symlink.php/") or open("symlink.php/") on a symlink pointing to example.php will not succeed and will set errno to ENOTDIR. This is not the case on the systems mentioned. The vulnerability arises when an application filters access to a file, or decides how to handle it, based on a suffix match. An attacker could circumvent normal behaviour by appending a slash to the filename, resulting in said access rules not applying. Lighttpd in versions prior to 1.4.23 was not aware of this bug and therefore can be tricked by an attacker. It decides how to process a request based on suffix rules provided in its config, usually matching "^.*.php$". The attacker can bypass this rule and gain access to the source code of the .php file, possibly revealing sensitive information like passwords.
A vulnerability in Cute Editor ASP.NET allows remote attackers to download arbitrary files from the web server via a ../ (dot dot) in the type parameter to Load.ashx.
A Blind SQL Injection vulnerability exists in the name of vbplaza.php, a mod for vBulletin, and can be used to retrieve the admin hash. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The attacker can use the ascii() function to encode the substring of the SELECT statement to retrieve the admin hash.
This is an exploit for the Winamp 5.551 MAKI Parsing Integer Overflow vulnerability. It was tested on Vista SP1 and XP SP3 and was found to be successful. The exploit was written by Monica Sojeong Hong and was based on the two exploits posted on milw0rm. It was found that the new patch applied to Winamp 5.552 changed the sign extension from movsx to movzx.
Dokuwiki is vulnerable to Local File Inclusion due to the lack of proper sanitization of user-supplied input. The vulnerability exists in the ‘/inc/init.php’ file, which is responsible for loading the configuration files. The ‘$config_cascade’ array can be set via register_globals, allowing an attacker to include arbitrary files from the local system. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This can be used to read sensitive files from the server, or even execute arbitrary code if the attacker is able to upload a malicious file to the server.
This script has three vulnerabilities: insecure cookie handling, cookie grabber, and upload shell. For insecure cookie handling, JavaScript code can be used to bypass the control panel. For cookie grabber, a logger.php file can be created and a comment containing JavaScript code can be posted to send the cookie to the logger.txt file. For upload shell, a shell.php.jpg file can be uploaded and then shown.