BrewBlogger does not properly sanitize the 'id=' parameter passed to printLog.php. Since each user entry contains an auto-incrementing ID number, it is possible to enumerate all user names and passwords stored in the 'users'database by iterating through every possible ID number.
encapscms 0.3.6 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing a URL in the 'root' parameter to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.
Heap Spray Exploit is a technique used by attackers to inject malicious code into a vulnerable application. The attacker uses a heap spray to spray a large number of objects onto the heap, which can then be used to execute arbitrary code. The attacker can then use the heap spray to overwrite the return address of a function, allowing them to execute arbitrary code.
This exploit allows an attacker to gain access to the server by exploiting a vulnerability in the phpManta - Mdoc <= 1.0.2 (view-sourcecode.php) application. The vulnerability is caused due to the improper validation of user-supplied input in the 'file' parameter of the 'view-sourcecode.php' script. This can be exploited to include arbitrary local files from the web server and execute arbitrary PHP code.
MyAlbum version 3.02 and possibly other versions are vulnerable to a remote file inclusion vulnerability. The vulnerability is due to the 'langs_dir' parameter in the language.inc.php script not being properly sanitized before being used in an include statement. This can be exploited to include arbitrary files from remote hosts resulting in arbitrary code execution on the vulnerable system.
This exploit is used to gain access to the admin information of a vulnerable AspPired2 Poll version 1.0 (MoreInfo.asp) website. It uses a union select statement to extract the login and password of the admin user from the user table.
1WebCalendar is prone to multiple SQL-injection vulnerabilities due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
The Shopping Catalog script is vulnerable to a Remote File Inclusion (RFI) vulnerability. This vulnerability allows an attacker to include a remote file, containing arbitrary code, on the vulnerable server. This can be exploited to execute arbitrary PHP code on the vulnerable server.
LetterIt is vulnerable to a Remote File Inclusion (RFI) vulnerability. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The malicious URL can be used to execute arbitrary code on the vulnerable system. The malicious URL can be sent via a GET request to the vulnerable application. The vulnerable parameter is the 'lang' parameter in the 'session.php' file. An attacker can use this parameter to inject malicious code into the vulnerable application.
Zoo is prone to a local buffer-overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before using it in a finite-sized buffer. An attacker can exploit this issue to execute arbitrary code in the context of the victim user running the affected application to potentially gain elevated privileges.
Services By CQR