This exploit is possible because the $id variable in check_url.php is taken from the url and then used in an SQL query without being sanitized.
A vulnerability in the ezwebitor web application allows an attacker to bypass authentication and gain access to the application. By sending a specially crafted HTTP request, an attacker can inject a malicious SQL query into the application, allowing them to bypass authentication and gain access to the application.
A vulnerability in webClassifieds© 2005 allows an attacker to gain access to the application by setting the sAuth cookie to a valid user ID. This can be done by using the following JavaScript code: javascript:dcocument.cookie="sAuth=[id];path=/".
A stack overflow vulnerability exists in Groovy Media Player Version 1.1.0 when handling .M3U files. An attacker can exploit this vulnerability by creating a malicious .M3U file containing 4104 bytes of data and then convincing a user to open the file. This will cause a stack overflow and allow the attacker to execute arbitrary code on the user's system.
A stack overflow vulnerability exists in 1by1 1.67 when a specially crafted .M3U file is opened. This can be exploited to cause a stack-based buffer overflow via an overly long string. Successful exploitation may allow execution of arbitrary code.
Flatnux suffers from multiple local file inclusions, which can be exploited by malicious people to include arbitrary files from local resources. Successful exploitation requires that 'register_globals' is set to 'on'. The vulnerabilities are located in multiple files, such as 'admin.php', 'search.php', 'section.php', 'cc_functions.php', 'theme.php' and 'xmldb.php'.
A vulnerability exists in Seditio CMS which allows an attacker to inject arbitrary SQL commands via the 'plug.php?e=events&f=old&c=all' parameter. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary commands.
The upload-file.php doesn't check the type of archive and you can uploaded the phpshell on the server. To exploit the vulnerability, the attacker needs to upload a malicious file, view the source code of the page, and then access the malicious file using the URL provided in the source code.
This bug allows a guest to include local files. The vulnerable code is present in the index.php file, which does not check the user input for the 'lang' parameter. This allows an attacker to include arbitrary local files on the system.
This exploit is related to MS09-014 vulnerability in Microsoft Internet Explorer. It is a race condition memory corruption vulnerability which occurs when an EMBED element is used with a malicious MIME type. The exploit code creates an EMBED element and sets its source to a malicious executable file. Then it iterates through an array of MIME types and sets the type of the EMBED element to each of the MIME types in the array.
Services By CQR