Explore Vulnerabilities

Explore all Exploits:

Pragyan CMS v 3.0 => [Remote File Disclosure]

The vulnerability exists in download.lib.php at line 16 and in index.php at line 234. An attacker can exploit it by sending a crafted HTTP request with the parameter 'fileget' set to '../../../../../../../../../../../../ etc/passwd . boot.ini' to download the file. Similarly, an attacker can download the config file by setting the parameter 'fileget' to '../../../../../../../../../../../../appserv/www/Pragyan/cms/config.inc.php' or '../../../../../../../../../../../../home/exploitdb/public_html/Pragyan/cms/config.inc.php'.

Enigma2 Webinterface 1.7.x 1.6.x 1.5.x remote root file disclosure exploit

This exploit allows an attacker to remotely access sensitive files on a vulnerable Enigma2 Webinterface. The exploit works by sending a specially crafted HTTP request to the vulnerable server, which then returns the contents of the requested file. The exploit is possible due to a lack of proper input validation in the application, which allows an attacker to access files outside of the intended directory.

Multiple Vulnerability on ClipBucket 2.6

ClipBucket 2.6 is vulnerable to Cross Site Scripting and SQL Injection. The vulnerable parameters are cat, seo_cat_name, sort, time, cid, type, collection, item. An attacker can inject malicious JavaScript code and SQL queries in these parameters to execute arbitrary code and access sensitive information.

Paddelberg’s topsite-script admin auth bypass

This exploit allows an attacker to bypass the authentication of the Paddelberg's topsite-script admin page. The attacker can create a cookie with the host name, path name, cookie name set to 'xxxtopa' and cookie value set to ':'. Then, the attacker can visit the admin page and gain access to the page without authentication.

GPSMapEdit v1.1.73.2 (.lst) Local Denial of Service Vulnerability

GPSMapEdit v1.1.73.2 is vulnerable to a local denial of service attack. By creating a specially crafted .lst file containing 512 'A' characters, an attacker can cause the application to crash when the file is opened.

Recent Exploits: