DodosMail 2.0.1 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a malicious URL in the dodosmail_header_file and dodosmail_footer_file parameters of the dodosmail.php script. This will allow the attacker to execute arbitrary code on the vulnerable system.
A remote file inclusion vulnerability exists in irayoblog-alpha-0.2.4. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the irayodirhack parameter. This can allow the attacker to execute arbitrary code on the vulnerable system.
Vortex Blog AKA vBlog is prone to a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
txtForum is prone to multiple cross-site scripting vulnerabilities due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
A remote file inclusion vulnerability exists in iPrimal Forums due to insufficient sanitization of user-supplied input to the 'p' parameter in the 'admin/index.php' script. An attacker can exploit this vulnerability to include arbitrary remote files, allowing for the execution of arbitrary code on the vulnerable system.
This exploit is a proof of concept for a command injection vulnerability in OpenBase 10.0. The exploit uses system() to execute arbitrary commands with root privileges. The exploit is triggered by using the flags -install, -kill, and -uninstall with the openexec binary.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the '_mygamefile' parameter to '/ad_main.php' script. A remote attacker can send a specially crafted HTTP request with malicious code in the '_mygamefile' parameter, which will be included and executed by the vulnerable script. This can be exploited to execute arbitrary PHP code on the vulnerable system.
Dawaween is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploits could allow a remote attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
iWare admin/mods/simplechat_1.0.0/chat_panel.php does not sanitize the $message variable in the first argument of the PostMessage() function on line 11 before writing the variable contents to chat_log.php on line 25. When chat_panel.php is requested, the PostMessage() function is called on line 32 and $_REQUEST['msg'] is written to chat_log.php unsanitized.
The vulnerability exists in the startup.php file, which allows an attacker to include a remote file by manipulating the CFG_PHPGIGGLE_ROOT parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request that references an arbitrary file on a remote server.