The vulnerability exists due to insufficient sanitization of user-supplied input in the 'IP', 'owa_action' and 'owa_do' parameters of the 'mw_plugin.php' script. This can be exploited to include arbitrary local files via directory traversal sequences (LFI, Local File Include) and remote resources via URLs (RFI, Remote File Include).
MyOWNspace_v8.2 is vulnerable to multiple local file inclusion vulnerabilities. An attacker can exploit these vulnerabilities by sending a specially crafted HTTP request with malicious parameters. This can allow an attacker to include arbitrary files from the server, such as configuration files, which can lead to further exploitation.
This exploit is a universal stack overflow exploit for Mini-stream RM-MP3 Converter Version 3.0.0.7 (.pls). It creates a malicious .pls file which contains a buffer of 26117 'A' characters, a return address, a NOP sled, and shellcode. When the malicious .pls file is opened, the oversized buffer overflows the stack and overwrites the return address, allowing the shellcode to be executed.
This exploit is used to extract the password of a user from a vulnerable Date & Sex Vor und Rückwärts Auktions System <= v2 website. The exploit uses a SQL injection vulnerability to extract the password from the database. The exploit is written in Python and uses the urllib2 library to read the source code of the vulnerable website.
This exploit allows an attacker to gain access to the admin panel of Kasseler CMS 1.4.x lite by exploiting a SQL injection vulnerability in the Module Jokes. The attacker can use the fsockopen() function to send a POST request to the server and extract the admin credentials from the response.
A CSRF vulnerability exists in BPTutors Tutoring site script, which allows an attacker to create an administrator account with a crafted HTML page. The crafted HTML page contains a form with fields for login, password, first name, last name, and email. When the form is submitted, an administrator account is created with the provided credentials.
CyberCMS is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending malicious SQL code to the vulnerable parameter 'id' in the faq.php file. This can allow an attacker to gain access to the MySQL database, including usernames and passwords. The MySQL version used is 5.0.37-community-nt and the database is uskole.
CMS Faethon is a content management system for different web pages. It is vulnerable to Local File Inclusion (LFI) due to improper validation of user-supplied input. An attacker can exploit this vulnerability to include malicious files from the local system and execute arbitrary code on the vulnerable system.
tPop3d 1.5.3 is vulnerable to a Denial of Service attack. An attacker can send a large number of 'a' characters to port 110 on the target to cause a segmentation fault and crash the service.
A remote SQL injection vulnerability exists in the post Card (catid) script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.