NotSopureEdit is prone to a remote file include vulnerability because it fails to properly sanitize user-supplied input before using it in a file include. An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server running the vulnerable application. A successful exploit compromises the application and can lead to compromise of the underlying system; other attacks are also possible.
WebMaid CMS version 0.2-6 Beta is vulnerable to multiple remote file include vulnerabilities. An attacker can exploit them by sending a maliciously crafted HTTP request to the vulnerable server and can thereby execute arbitrary code on the server with the privileges of the web application. The vulnerable parameters are 'template', 'menu' and 'events' in index.php.
Fw-BofF (oolime-resurrection) 1.5.3beta is vulnerable to multiple remote file include vulnerabilities. An attacker can exploit them by sending a maliciously crafted request to the vulnerable application and can thereby execute arbitrary code on the vulnerable system.
A SQL injection vulnerability exists in the lexikon.php add-on for Woltlab Burning Board Lite: the 'id' parameter is placed into an SQL query without sanitization. An attacker can exploit this by sending a specially crafted HTTP request to the vulnerable script and can thereby read sensitive information from the database, such as usernames and passwords.
A buffer overflow vulnerability exists in no$gba 2.5c in its handling of .nds files. A local attacker can crash the emulator by creating a specially crafted .nds file containing an overly long string of 'A' characters and having it loaded. This can be exploited to cause a denial of service condition.
A SQL injection vulnerability exists in Jewelry Cart Software which allows an attacker to execute arbitrary SQL commands via the 'disproid' parameter of the product.php script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request that appends SQL to the 'disproid' parameter, for example: http://www.victim.com/product.php?disproid=53+AND+1=2+UNION+SELECT+0,1,version%28%29,3,4-- Here 'AND 1=2' makes the original condition false so the legitimate product row is not returned, and the UNION SELECT (five columns, matching the width of the original query) substitutes attacker-chosen values into the page; version() returns the database version, and the trailing '--' comments out the remainder of the query.
Example directory traversal request against the file command of ttx.cgi: http://www.example.com/TTXdir/ttx.cgi?cmd=file&fid=../users.cgi&fn=users.cgi The 'fid' value steps up one directory with '../' so that the script returns users.cgi, a file outside the directory it is meant to serve.
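The remote file include entries above (NotSopureEdit, WebMaid CMS and Fw-BofF) and the ttx.cgi traversal request share one root cause: a request parameter is used as a file name without validation. The Python below is an added illustration of the two checks those scripts lack, an allowlist for template-style includes and a containment check for arbitrary file reads; it is not code from any of the projects named on this page. The parameter names, the template allowlist and the base directory are assumptions made for the demo.

```python
from pathlib import Path
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist: the template names an index.php-style script actually
# ships with. Anything not in here is refused outright.
ALLOWED_TEMPLATES = {"default", "dark", "print"}


def has_scheme(value: str) -> bool:
    """True when the value carries a URL scheme (http://, ftp://, php://, data:).
    PHP's include() fetches such values when allow_url_include is on, which is
    what a remote file include exploits, so they are never a valid file name."""
    return bool(urlsplit(value).scheme)


def _contained(base: Path, candidate: Path) -> bool:
    """True when candidate, after ../ and symlink resolution, lies under base."""
    return base in candidate.parents


def safe_template_path(template: str, base_dir: str) -> Optional[str]:
    """Map ?template=<value> to <base_dir>/<value>.php, or None to refuse.
    Allowlisting the name is the real fix; the containment check is defence
    in depth should the allowlist ever grow an unsafe entry."""
    if has_scheme(template) or template not in ALLOWED_TEMPLATES:
        return None
    base = Path(base_dir).resolve()
    candidate = (base / f"{template}.php").resolve()
    return str(candidate) if _contained(base, candidate) else None


def safe_file_path(fid: str, base_dir: str) -> Optional[str]:
    """For a ttx.cgi-style ?cmd=file&fid=<name>: any name may be asked for,
    but the resolved path must stay inside base_dir. ../users.cgi, an absolute
    path, a URL and a name containing a NUL byte are all refused."""
    if not fid or "\x00" in fid or has_scheme(fid):
        return None
    base = Path(base_dir).resolve()
    candidate = (base / fid).resolve()   # collapses ../ and follows symlinks
    return str(candidate) if _contained(base, candidate) else None


if __name__ == "__main__":
    # Assumed document root; it need not exist for resolve() to normalise paths.
    root = "/srv/www/ttx"
    for value in ("default", "../users.cgi", "http://evil.example/shell.txt", "php://input"):
        print(f"template={value!r:35} -> {safe_template_path(value, root)}")
    for value in ("readme.txt", "../users.cgi", "docs/../../users.cgi", "/etc/passwd"):
        print(f"fid={value!r:40} -> {safe_file_path(value, root)}")
```

The allowlist is the stronger control: a blocklist of '../' or 'http://' is easy to bypass (encoding, 'php://' and 'data:' wrappers, absolute paths), whereas a fixed set of names leaves the attacker nothing to inject. The containment check is what applies when the script legitimately has to serve arbitrary files, as the ttx.cgi request suggests.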
Ksysguard is vulnerable to Cross Application Scripting (CAS), which allows an attacker to execute arbitrary code on the target system. The exploit provided by the author is a ph33r.sgrd file which, when loaded by Ksysguard, runs a command that starts a netcat listener on port 31337 serving a bash shell. The vulnerability affects versions of Ksysguard up to and including 4.4.1.
A SQL injection vulnerability in the Pay Per Watch & Bid Auktions System allows an attacker to inject SQL into the 'id_auk' parameter of the auktion.php script and so manipulate the queries the script runs. This can be used to disclose the contents of the database, including usernames and passwords.
A SQL injection vulnerability exists in the Gift Exchange component (version 1.0beta) for Joomla: the 'pkg' parameter of the 'showcase' view is placed into a query without sanitization, which lets an attacker inject arbitrary SQL and read sensitive information such as usernames and passwords.
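The four SQL injection entries on this page (lexikon.php 'id', product.php 'disproid', auktion.php 'id_auk' and the Gift Exchange 'pkg' parameter) all describe an integer parameter concatenated into a query. The Python below is an added example, not code from any of those applications: it runs the product.php payload against a constructed in-memory SQLite database beside the parameterised version of the same lookup. The table layout, the products and users table names, the sample rows and the use of sqlite_version() in place of MySQL's version() are assumptions made for the demo.

```python
import sqlite3
from typing import List, Optional


def build_db() -> sqlite3.Connection:
    """Constructed stand-in for the shop's database: a five-column products
    table (the UNION below must match that width) and a users table."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE products(id INTEGER, name TEXT, price TEXT, stock INTEGER, sku TEXT);
        INSERT INTO products VALUES (53, 'Gold ring', '199.00', 4, 'GR-53');
        CREATE TABLE users(id INTEGER, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'hunter2');
    """)
    return con


def vulnerable_lookup(con: sqlite3.Connection, disproid: str) -> List[tuple]:
    """The pattern behind every SQL injection entry above: the request
    parameter is pasted into the statement, so the attacker writes SQL."""
    sql = f"SELECT id, name, price, stock, sku FROM products WHERE id={disproid}"
    return con.execute(sql).fetchall()


def fixed_lookup(con: sqlite3.Connection, disproid: str) -> Optional[List[tuple]]:
    """Reject anything that is not an integer, then bind the value as data.
    None means 'refuse the request' (an HTTP 400 in the real script)."""
    if not disproid.isdigit():
        return None
    sql = "SELECT id, name, price, stock, sku FROM products WHERE id=?"
    return con.execute(sql, (int(disproid),)).fetchall()


# The product.php payload from the advisory, URL-decoded ('+' -> space,
# '%28%29' -> '()'), with MySQL's version() swapped for SQLite's
# sqlite_version(). '53 AND 1=2' is always false, so the real product row
# disappears and the page renders only the UNION row the attacker chose.
VERSION_PAYLOAD = "53 AND 1=2 UNION SELECT 0,1,sqlite_version(),3,4--"

# Same technique pointed at credentials: put username and password in the
# columns the product page displays (name and price here).
CREDS_PAYLOAD = "53 AND 1=2 UNION SELECT 0,username,password,3,4 FROM users--"


if __name__ == "__main__":
    con = build_db()
    # '53 AND 1=1' vs '53 AND 1=2' is the boolean probe an attacker uses to
    # confirm the parameter is injectable before trying a UNION.
    for value in ("53", "53 AND 1=1", "53 AND 1=2", VERSION_PAYLOAD, CREDS_PAYLOAD):
        print(f"vulnerable {value!r}\n    -> {vulnerable_lookup(con, value)}")
    for value in ("53", VERSION_PAYLOAD):
        print(f"fixed      {value!r}\n    -> {fixed_lookup(con, value)}")
```

The column count in the UNION has to equal that of the original SELECT, which is why the advisory's payload carries exactly five values; an attacker who gets the count wrong sees a database error rather than data, and iterates. The fix is the same in PHP: validate the type and use a prepared statement with bound parameters, so the value can never be parsed as SQL.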