aFAQ 1.0 is affected by a remote SQL injection vulnerability. An attacker can exploit it by sending a malicious SQL query through the 'catcode' parameter of the 'faqDsp.asp' script. This can allow the attacker to gain access to the database and potentially to sensitive information.
A vulnerability in Cacti <= 0.8.6i allows an attacker to execute arbitrary commands on the vulnerable system. This is due to the lack of proper input validation in the "cmd.php" script, which allows an attacker to inject arbitrary commands into the "popen()" function. This can be exploited to execute arbitrary commands with the privileges of the web server.
A vulnerability exists in the Limbo CMS event module that allows a remote attacker to include a file from a remote location. The vulnerability is due to the 'lm_absolute_path' parameter in the 'mod_eventcal.php' script not being properly sanitized before being used to include files. This can be exploited to include arbitrary files from remote locations by specifying a URL in the 'lm_absolute_path' parameter.
Fantastic News version 2.1.4 is affected by multiple remote file include vulnerabilities. The vulnerable code is present in the archive.php and headlines.php files on lines 16, 17, 18, and 19. An attacker can exploit these vulnerabilities by sending a malicious URL in the CONFIG[script_path] parameter. This can lead to remote file execution.
A remote file inclusion vulnerability exists in Bubla <= 1.0.0rc2. The vulnerability is due to the 'bu_dir' and 'bu_config[dir]' parameters in the 'process.php' script not being properly sanitized before being used in a 'require_once' function call. This can be exploited to include arbitrary remote files, e.g. by passing a URL in the 'bu_dir' or 'bu_config[dir]' parameter.
Yrch! v1.0 is affected by a remote file include vulnerability. The vulnerability is due to the application failing to properly sanitize user-supplied input to the 'path' parameter of the 'plug.inc.php' script. This may allow a remote attacker to include a file from a remote host that contains arbitrary code and execute it in the context of the webserver process.
KSirc 1.3.12 is vulnerable to a remote buffer overflow when sending a PRIVMSG command with an overly long string. This can be exploited by an attacker to execute arbitrary code on the vulnerable system.
myPHPCalendar is affected by a remote file inclusion vulnerability. The vulnerability is caused by the 'cal_dir' parameter in the 'admin.php', 'contacts.php' and 'convert-date.php' scripts not being properly sanitized before being used to include files. This can be exploited to include arbitrary remote files from a third-party server by passing a URL as the 'cal_dir' parameter. Successful exploitation of this vulnerability can result in arbitrary remote code execution on the vulnerable system.
mxBB Module pafileDB 2.0.1b is affected by a remote file include vulnerability. This vulnerability allows an attacker to include a remote file, usually resulting in a remote shell on the webserver.
This exploit allows an attacker to bypass the general access restriction of Cahier de texte V2.2 by exploiting a vulnerability in the code. The vulnerable code is a PHP script that checks if the user is an administrator, and if not, redirects them to the index page. The exploit uses a socket connection to send a request to the server, bypassing the access restriction.