This vulnerability is a buffer overflow in the ADODB.Connection object's Execute function. It affects Windows XP SP1/SP2 and IE 6.0 with the latest patches installed. The exploit causes an access violation at 77114D0F. It can be exploited with some shellcode.
The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'jcms_root_path' parameter in the 'includes/functions.php' script. A remote attacker can execute arbitrary PHP code on the vulnerable system by passing it to the 'jcms_root_path' parameter. The code will be included and executed by the vulnerable script.
Jaws 0.5.2 is vulnerable to Remote File Inclusion due to GLOBALS["path"] not being declared. An attacker can exploit this vulnerability by sending a malicious URL to the application, such as http://www.site.com/jaws_PATH/html/include/JawsDB.php?path=[Evil Script].
Mdweb132-postgres is vulnerable to Remote File Inclusion due to the lack of proper sanitization of user-supplied input. The vulnerable code is present in the form_org.inc.php and country_insert.php files located in the /mdweb/admin/inc/organisations/ directory. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the chemin_appli parameter. This will allow the attacker to execute arbitrary code on the vulnerable server.
A remote attacker can execute arbitrary code on the vulnerable system by sending a specially crafted HTTP request to the vulnerable server containing a malicious payload in the sys_dbtype parameter. The malicious payload is then executed on the vulnerable server.
OTSCMS 2.0.0 - 2.1.3, OTSCMS 1.3.0 - 1.4.1 and OTSCMS 1.0.0 - 1.0.3: A remote file inclusion vulnerability exists in each of these version ranges. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.
This exploit allows an attacker to include a remote file on the vulnerable server. The vulnerable code is present in the files faq.php, index.php, list.php, login.php, playlist.php, song.php, gen_m3u.php, view_artist.php, view_song.php, flash/set_na.php, flash/initialise.php, flash/get_song.php, includes/common.php, admin/nav.php, admin/main.php, admin/list_artists.php, admin/index.php, admin/genres.php, admin/edit_artist.php, admin/edit_album.php, admin/config.php, and admin/admin_status.php. The exploit is triggered by sending a specially crafted HTTP request containing the malicious code in the foing_root_path parameter.
EZ-Ticket v0.0.1 is vulnerable to Remote File Inclusion. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The URL references a malicious file, which is then included in the application. This can lead to the execution of arbitrary code on the vulnerable system.
This exploit allows an attacker to gain access to the MD5 hash of the first admin (God) of the nuke_authors table by sending a malicious POST request to the modules.php page.
This exploit allows an attacker to execute arbitrary code on the vulnerable server. It is triggered when an attacker sends a maliciously crafted request to the vulnerable delete.php script.