An attacker can exploit this vulnerability by sending a crafted URL to the vulnerable application. The crafted URL contains the malicious payload in the include_path or _PEAR_PHPDIR parameter which will be processed by the vulnerable application. This can result in arbitrary remote code execution on the vulnerable system.
WordPress implemented a new feature in version 2.9 that allowed users to retrieve posts that they may have deleted by accident. This new feature was labeled 'trash'. Any posts that are placed within the trash are only viewable by authenticated privileged users. However, when WordPress implemented the new feature they failed to change the permissions granted when the post is in the trash, meaning that an authenticated user can view the post regardless of their privilege level.
The flaw exists within 'history go' ActiveX control which contains stack based overflow conditions. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
ZeusCMS is yet another Content Management System which is vulnerable to Database Backup Dump and Local File Include. An attacker can download the backup.sql file from the target website and can also include local files using the Local File Include vulnerability.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'orderlinks' parameter of the 'index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can allow the attacker to steal sensitive information from the database, modify application data, exploit various vulnerabilities in the underlying SQL server etc.
The vulnerability allows an attacker to access the stats.mdb database and gain remote admin access by visiting the admin.asp page.
The flaw exists when the attacker put window.printer() funtion in multitudinous loop.User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
A vulnerability exists in MRW PHP Upload, which allows an attacker to upload a malicious file to the server. The attacker can then access the uploaded file by accessing the URL http://site.com/path/upload/yourshell.php
An attacker can exploit a SQL injection vulnerability in Southburn Web to gain access to the userindex table and extract the usernames and passwords of all users. The exploit is achieved by appending '+and+1=2+union+select+1,group_concat(id,0x3a,username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+userindex-- -' to the vulnerable URL.
It was found that Vito CMS does not validate properly the "id" parameter value. http://server/duga_vest.php?id=1[SQL] http://server/duga_vest.php?id=-217+UNION+SELECT+1,2,3,group_concat(id,0x3a,username,0x3a,password,0x3a),5,6,7,8+from+members--
Services By CQR