EasyPHP is a WAMP software bundle that installs web server services onto a Windows computer and allows quick-and-easy development of PHP and MySQL on a localhost (also known as 127.0.0.1). The package includes an Apache server, a MySQL database, and the PHP extension. A quick look at i18n.inc reveals that EasyPHP does not verify user input (the Lang parameter), which allows arbitrary overwriting of the EasyPHP configuration file (EasyPHP.ini). The request http://localhost/index.php?lang=fr%00Lang=Overwritten overwrites EasyPHP.ini, adding the string "Lang=Overwritten".
microTopic v1 Initial Release is vulnerable to Blind SQL Injection. An attacker can inject malicious SQL queries via the 'rating' POST parameter, which can be used to extract sensitive information from the database.
A vulnerability in openWYSIWYG <= 1.4.7 allows an attacker to traverse directories outside of the intended directory. This can be exploited by sending a specially crafted HTTP request to the vulnerable server, such as http://[target]/[path]/addons/imagelibrary/select_image.php?dir=../../../
A vulnerability exists in Dacio_imgGal-v1.6, which allows an attacker to bypass authentication and upload a malicious shell. This is done by accessing the index.php page with the parameter 'gallery' set to '../config.inc%00'. The attacker can then access the admin.php page and add an image, which can be used to upload a malicious shell. The shell can be accessed at '/images/beauty_1/shell.php' or '/images/aa/shell.php' if the beauty_1 directory is deleted. The dork used to find vulnerable sites is 'intitle:"Dacio's Image Gallery"'.
eggBlog contains one flaw that allows an attacker to carry out a local directory traversal attack. The issue is due to the 'select_image.php' script not properly sanitizing user input supplied to the 'dir' GET variable. Note: you may upload image files with double extensions on _lib/openwysiwyg/addons/imagelibrary/insert_image.php.
This exploit allows an attacker to access arbitrary files on the vulnerable server. The attacker can use this exploit to gain access to sensitive information such as configuration files, source code, etc.
The vulnerability is caused by an error in handling the request (ABOR). This can be exploited to saturate the FTP service and make the server inaccessible for several days.
An attacker could include arbitrary local files through the require function at line 144, because the $_GET['lang'] parameter isn't properly sanitised. Successful exploitation requires magic_quotes_gpc = off.
Battle Blog 1.25 is vulnerable to a remote file upload vulnerability. An attacker can upload malicious files to the vulnerable server by exploiting the uploadform.asp page. This can lead to remote code execution.
The dispatcher servlet (com.acme.DispatchServlet) is prone to a DoS vulnerability. This example servlet is meant to be used as a resource dispatcher; however, a malicious aggressor may abuse this functionality to cause a recursive inclusion. In detail, it is possible to abuse the method com.acme.DispatchServlet.doGet(DispatchServlet.java:203), forcing the application to recursively include the "DispatchServlet". As a result, it is possible to trigger a "java.lang.StackOverflowError" and consequently an internal server error (500). Multiple requests may easily affect the availability of the entire servlet container.