A vulnerability in FreeHost Version 1.00 allows an attacker to upload malicious files to the server. An attacker can register on the website, then use Tamper Data to upload a malicious file to the server. The malicious file can then be accessed via the URL http://127.0.0.1/FreeHost/u/indoushka/Ch99.php.zip
Duhok Forum 1.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the 'Approval' parameter of the 'index.php' script when registering a new user. This malicious code will be executed in the browser of the victim when the vulnerable page is accessed.
This vulnerability allows an attacker to include a file from a remote server that is accessible by the web server. This can be exploited to execute arbitrary PHP code by including files from external sources that contain malicious code.
This module exploits a stack overflow in the USER verb in Open & Compact FTPd version 1.2. The program will crash once the payload is sent, so bind shell payloads are not effective.
ItSecTeam has discovered a new bug in the latest version of phenix, 35b. The vulnerability is a SQL injection that can be exploited by sending malicious code in the 'moisEnCours' parameter of the 'agenda_titre.php' page. This can allow an attacker to gain access to sensitive information from the database.
This vulnerability allows an attacker to include a file from the local system, such as the /etc/passwd file, by manipulating the 'controller' parameter in the 'index.php' file of the Ninja RSS Syndicator component. This can be exploited to disclose sensitive information.
This vulnerability allows an attacker to include a file from the local system, such as the /etc/passwd file, by manipulating the 'controller' parameter in the URL. This can be exploited to disclose sensitive information.
deV!L`z Clanportal 1.5.2 is vulnerable to a Remote File Include vulnerability. This vulnerability is caused by the use of user-supplied input without proper validation. A remote attacker can exploit this vulnerability to include a remote file containing malicious code and execute it in the context of the webserver process. The provided PoC demonstrates this inclusion.
A vulnerability in httpdx v1.5.3b allows for a remote pre-authentication denial of service attack. The vulnerability exists due to a stack-based buffer overflow when handling the USER and PASS commands. An attacker can send a specially crafted request to the vulnerable server, causing a crash. The crash occurs when the EIP register is overwritten with 0x77c47b79, the address of a MOV instruction that moves the value of EAX into the memory address pointed to by EDI.
A vulnerability exists in the phppool Domain Verkaufs und Auktions Portal script, which allows an attacker to inject malicious SQL commands via the 'id' parameter in the 'index.php' script. The attacker can exploit this vulnerability by sending a crafted HTTP request containing a malicious SQL query to the vulnerable script. This can be done by appending the malicious SQL query to the 'id' parameter in the 'index.php' script, such as 'http://www.site.com/portal/index.php?a=d&id=-11111111111+union+select+1,2,concat(firstname,0x3a,password,0x3a,email),4,5,6,7,8,9,10,11+from+dsp_buyers--'.