The download.php file in Upload Tool for PHP neither verifies that a requestor has authenticated, nor performs any sanity checking on the file being requested. This allows an unauthenticated user to download any file which the web server has read rights to, including the users.conf file which contains a list of Upload Tool's users and their hashed passwords.
This exploit allows an attacker to gain root access to a vulnerable Kerio Webstar 5.4.2 server. The attacker must have access to the webstar user or be in the admin group. The exploit creates a malicious library file and then executes the vulnerable binary, which loads the malicious library and grants the attacker root access.
Links web browser versions 1.00pre12 and earlier are vulnerable to command injection due to a flaw in the smb_func() function in smb.c. This flaw allows malicious web sites to execute smbclient commands on the victim's machine, allowing the attacker to read any file from the victim system (any file that the user running Links has read access to), or to upload any file to the victim system (any file that the user running Links can create or overwrite).
Phil's Bookmark script is prone to an authentication-bypass vulnerability due to the script failing to prompt for authentication credentials. An attacker can exploit this issue to bypass authentication and gain admin access to the affected application.
A vulnerability in HPE Shopping Cart allows an attacker to inject arbitrary SQL commands. This can be done by sending a specially crafted HTTP POST request to the search_list.asp page. The vulnerable parameter is Hpecs_Find, which can be set to a malicious SQL query.
A user can bypass the login authentication by using ' or '1' = '1 as the username and 1'='1' ro ' as the password. An XSS vulnerability can be exploited by entering malicious code in the vulnerable fields Name, URL and Comments in /comments.asp?blog=85.
NetVios <= 2.0 is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as usernames and passwords.
A vulnerability in ASP Smiley v1.0 (default.asp) allows an attacker to bypass authentication and gain access to the application by sending a specially crafted SQL injection payload to the application. This payload can be sent as part of the username parameter when attempting to log in.
The script _basicfunctions.php does not specify a value for the $DIR variable before using it in an include. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious value for the $DIR variable. This can lead to remote code execution.
It appears that it is possible to view any files on a system via 'upload.php'. Proper filtering is not in effect for the 'path' and 'folder' variables. You can also upload malicious files to where you have access through 'upload.php'.