This exploit allows an attacker to include a remote file on the web server. The vulnerability exists due to the use of user-supplied input without proper validation. A remote attacker can exploit this vulnerability to include arbitrary files from a remote web server and execute arbitrary code on the vulnerable system.
ttCMS_v5 is affected by a remote file include vulnerability. An attacker can exploit this vulnerability by sending a malicious URL to the victim. The malicious URL references a malicious file hosted on a remote server. The malicious file is then included in the application and executed.
The vulnerability exists due to insufficient sanitization of user-supplied input in the '_nodesforum_path_from_here_to_nodesforum_folder' and '_nodesforum_code_path' parameters of the 'erase_user_data.php' and 'pre_output.php' scripts. This can be exploited to execute arbitrary PHP code by including a remote file via a URL in the '_nodesforum_path_from_here_to_nodesforum_folder' and '_nodesforum_code_path' parameters.
MunkyScripts Simple Gallery is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
This exploit targets the Easy~Ftp Server v1.7.0.2 MKD Remote Post-Authentication BoF vulnerability. It is a buffer overflow exploit which uses Metasploit shellcode (calc.exe) to execute malicious code. It was discovered by loneferret in 2010, with exploits 11470.py (PoC) and 11470_x90c.c (Exploit).
This exploit allows an attacker to create an admin user on the Prediction League 0.3.8 application by crafting a malicious form and sending it to the CreateAdminUser.php page. The form contains fields for the admin user name and password, which are then used to create the admin user.
x10 mirco blogging V121 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Solutive CMS is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'id' parameter in the 'product_detail.php', 'news_content.php' and 'products_by_cat.php' scripts. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
A vulnerability exists in QuickEStore 6.1 which allows an attacker to dump the backup of the application. This can be done by accessing the QuickEStore.mdb and admin files on the server.
A vulnerability exists in Advanced Management For Services Sites which allows an attacker to bypass authentication and create and download a backup of the SQL database. The backup.php page can be accessed without authentication to create and download the backup.