phpPowerCards db/txt.inc.php does not initialize the $file variable before using it in the fopen() function on line 10, after $file is opened it then writes several variables which are also uninitialized to $file using the fputs() function. Assuming register_globals = on, we can initialize these variables in a query string and then write anything to a file we desire on the target box that's running phpPowerCards.
Brim 1.2.0pre3 and 1.2.1 are vulnerable to a Remote File Include vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute arbitrary code on the vulnerable server. The vulnerability exists due to the use of the 'renderer' parameter in multiple template files. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to a victim. If the victim visits the malicious URL, the attacker-supplied file will be included and executed on the vulnerable server.
Clam AntiVirus is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
A vulnerability was found in the cart.php script of PHPmybibli version <=2.1, which allows remote attackers to include arbitrary files from local or external resources. This can be exploited to execute arbitrary PHP code by including malicious files.
PHPRecipeBook 2.36 is vulnerable to a remote file include vulnerability. Successful exploitation requires register_globals = on and magic_quotes_gpc = on.
WSN Forum 1.3.4 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system. The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'pathtoconfig' parameter in 'prestart.php' script. An attacker can exploit this vulnerability by uploading a malicious avatar and then sending a specially crafted HTTP request to the vulnerable script.
The $CONFIG['local_root'] variable in modules/guestbook/index.php is not set before being used to include files. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the CONFIG[local_root] parameter.
This exploit takes two arguments: The lowest address past X's heap and X's data address. It forces the nvidia driver to allocate a large sum of memory.
This is an exploit for a 3rd party program that has been bundled with Xcode on several occasions. The OpenBase binary creates a root owned log file 'simulation.sql' in the database path. Since we control the database path via directory transversal and we also control the umask we can create a file anywhere on the filesystem that is rw-rw-rw and owned by root.
This PoC exploits a SQL and PHP injection vulnerability in woltlab.de burning book version <=1.1.2. The vulnerability is triggered when a maliciously crafted input is sent to the 'addentry.php' script. This can allow an attacker to execute arbitrary SQL and PHP code on the vulnerable system.
Services By CQR