Invision Gallery 2.0.7 is vulnerable to ReadFile() and SQL injection. ReadFile() allows an attacker to read any file on the server, while SQL injection allows an attacker to extract data from the database. The syntax for ReadFile() is readfile 1 <host> <pathtoindex> <localfile>, while the syntax for SQL injection is sqlinject <host> <pathtoindex> <member_id> <prefix> <column> <table>. The getprefix command can be used to get the database prefix from an IPB error.
This exploit is for CVE-2006-4814, a buffer overflow vulnerability in the ptrace system call. The exploit attaches to the process with the given PID and then calls the PT_LWPINFO ptrace request to trigger the overflow.
A remote file include vulnerability exists in Journals System version 1.0.2 [RC2] and earlier. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.
Download-Engine version 1.4.2 contains a Remote File Include vulnerability. An attacker can exploit this vulnerability by sending a malicious URL in the 'spaw_root' parameter of the 'spaw_control.class.php' script. This will allow the attacker to execute arbitrary code on the vulnerable system.
A remote file include vulnerability exists in Softerra PHP Developer Library. The vulnerability is caused by the 'lib_dir' parameter in the 'registry.lib.php', 'sqlcompose.lib.php' and 'sqlsearch.lib.php' scripts not being properly sanitized before it is used to include files. This can be exploited to include arbitrary files from remote locations, e.g. by using a URL in the 'lib_dir' parameter. Successful exploitation requires that 'allow_url_include' is set to 'on' in the php.ini.
A vulnerability exists in Minichat v6, which allows a remote attacker to include a file from a remote location. The vulnerable code is located in the ftag.php file, which contains a parameter called 'mostrar' that is not properly sanitized before being used in an include statement. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable file, which will include the malicious file from the remote location.
SH-News is vulnerable to Remote File Inclusion (RFI). An attacker can exploit this vulnerability by sending a malicious URL in the scriptpath parameter of the vulnerable scripts. This will allow the attacker to execute arbitrary code on the vulnerable server.
A remote file include vulnerability exists in PHP News Reader version 2.6.2 and earlier. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system by sending a maliciously crafted HTTP request to the vulnerable server.
A remote file include vulnerability exists in CommunityPortals version 1.0 and earlier. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system. The vulnerability is due to insufficient sanitization of user-supplied input passed to the 'page' parameter in the 'index.php' script. An attacker can exploit this vulnerability by passing a malicious URL to the vulnerable script.
Kmail <= 1.9.1 (latest) suffers from a crash when trying to parse an incorrectly formatted <img> tag. HTML parsing must be enabled for this. This can be done by going to Settings -> Configure Kmail -> Security and ticking Prefer HTML to Plain Text. Copy the following into your local /var/spool/mail/`whoami` or send a mail containing the HTML part to cause a crash.