Fortinet FortiGate devices running FortiOS v2.8MR10 and v3beta are vulnerable to this issue. An attacker can bypass the device's URL filtering by sending specially crafted HTTP requests. This can be done by sending a request with an empty Host header or a request with an empty line after the Host header.
This exploit allows an attacker to inject malicious SQL code into the 'detail.php' page of a vulnerable version of Php Classifieds. This code can be used to extract the username and password of an administrator from the 'phpclass_admins' table.
A vulnerability in sazcart v1.5 allows remote attackers to include arbitrary files via a URL in the _saz[settings][shippingfolder] parameter to admin/controls/cart.php.
cPanel is prone to multiple cross-site scripting vulnerabilities due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
This exploit is used to gain access to the user password hash of a vulnerable version of PHPKit 1.6.1. It uses a POST request to the 'popup.php' file in the 'misc/finduser.php' directory, with a specially crafted 'search_user' parameter. This parameter contains a SQL injection payload which is used to extract the user password hash from the 'phpkit_user' table.
A remote file inclusion vulnerability exists in Drake CMS v0.2.2 ALPHA rev.846, which allows an attacker to include a remote file via the 'd_root' parameter in the 'includes/xhtml.php' script. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.
A vulnerability exists in Ariadne v2.4, which allows a remote attacker to include a file from a remote location. The vulnerability is due to the 'store_config[code]' parameter not properly sanitized before being used in an include_once() function call. This can be exploited to include arbitrary files from remote locations by passing a URL as the parameter value. Successful exploitation requires that 'allow_url_fopen' is enabled.
Nullsoft Winamp < 5.31 is vulnerable to a heap overflow vulnerability when a maliciously crafted Ultravox-Max-Msg value is sent to the server. This can lead to a denial of service condition.
An attacker can exploit a vulnerability in PostNuke 0.763 to execute arbitrary code on the vulnerable system. The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'currentlang' parameter in the 'error.php' script. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system by passing a maliciously crafted 'currentlang' parameter to the 'error.php' script.
MODx CMS manager/media/browser/mcpuk/connectors/php/commands/thumbnail.php does not initialize the $base_path variable before using it to include files, assuming register_globals = on, we can intialize the variable in a query string and include a remote file of our choice.
Services By CQR