The Classified Ad System 1.0 (main) is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains a malicious SQL query that can be used to extract sensitive information from the database, such as usernames and passwords. The attacker can then use this information to gain unauthorized access to the system.
A remote file inclusion vulnerability exists in Okul Merkezi Portal v1.0. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system by sending a maliciously crafted HTTP request containing a URL in the 'page' parameter of the 'ataturk.php' script.
This exploit allows an attacker to bypass authentication and register as an admin on Fishyshoop, a web application. The exploit uses the WWW::Curl::Easy Perl module to send a POST request to the Fishyshoop root URL with the desired username and password, and the is_admin parameter set to 1. This allows the attacker to register as an admin without any authentication.
A vulnerability in the myPHPNuke Gallery Module allows remote attackers to include arbitrary files via a URL in the basepath parameter to displayCategory.php.
A remote file include vulnerability exists in Shadowed Portal 5.7 Roster Module (mod_root). An attacker can exploit this vulnerability to include arbitrary remote files and execute arbitrary code on the vulnerable system.
This exploit allows an attacker to include a remote file on the vulnerable server through the vulnerable parameter 'path' in the 'maquetacion_socio.php' file. The vulnerable code includes three files, 'datos_socios.php', 'elementos/actos.php' and 'datos/datos_ciberinvitados.php', which can be accessed remotely by an attacker. The exploit was discovered by the DeltahackingTEAM and was published in 2008.
Irokez CMS has several scripts which do not initialize variables before using them to include files. Assuming register_globals = on, we can initialize any one of the variables in a query string and include a remote file of our choice.
A vulnerability exists in PhpbbXtra v2.0, which allows a remote attacker to include a file from a remote location. The vulnerability is due to the 'includes/archive/archive_topic.php' script not properly sanitizing user-supplied input to the 'phpbb_root_path' parameter. An attacker can exploit this vulnerability to include arbitrary files from remote locations, resulting in arbitrary code execution on the vulnerable system.
Multiple XSS and SQL injection vulnerabilities in Endonesia 8.4 allow remote attackers to inject arbitrary web script or HTML, and execute arbitrary SQL commands via the (1) mod parameter in mod.php, (2) friend parameter in friend.php, (3) maintext parameter in admin.php, (4) intypeid parameter in mod.php, (5) cid parameter in mod.php, (6) did parameter in mod.php, (7) cid parameter in katalog.php, and (8) cid parameter in diskusi.php, and allow remote attackers to execute arbitrary commands via the did parameter in diskusi.php.
Jinzora has several scripts which do not initialize variables before using them to include files. Assuming register_globals = on, we can initialize any one of the variables in a query string and include a remote file of our choice.