AnnonceV1.1 is vulnerable to Remote Code Execution. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The attacker can inject malicious code in the 'page' parameter of the vulnerable script. The malicious code will be executed on the vulnerable server.
A buffer overflow in the variable 'buf' exists due to insufficient validation of the variable 'name' in the function tor_resolve (line 218) of the software at http://www.monkey.org/~dugsong/dsocks/. At a quick glance, this looks like it could indeed be overflowed quite trivially by passing an overlong name to any of the host lookup functions proxied by dsocks. It therefore seems that it could quite easily be triggered remotely by, for example, a web page with an include/iframe using an overlong URL.
MySpeach version 3.0.2 and all versions below are vulnerable to a Remote File Inclusion vulnerability. The vulnerability exists in the jscript.php file, which allows an attacker to include a remote file by manipulating the my_ms[root] parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a URL pointing to a malicious file.
SoftBB 0.1 is vulnerable to remote PHP code execution, SQL Injection, and Full Path Disclosure. An attacker can exploit these vulnerabilities to execute arbitrary code on the vulnerable system.
This exploit works against servers configured with register_globals=On and magic quotes = off. It sends a GET request to the target server with a malicious payload in the 'name' parameter of the bb_smilies.php file. If successful, it will return the root user's password.
This exploit allows an attacker to bypass security restrictions and gain access to the admin panel of Tr Forum V2.0. The attacker can then obtain the MD5 password hash of the admin user.
The vendor attempted to remove illegal characters like ' and =, which stops most SQL injection vulnerabilities. However, the vendor failed to remove the '>' symbol, which allowed Vipsta & MurderSkillz to work around the fix and exploit the vulnerability.
in-link 2.3.4 is vulnerable to a remote file inclusion vulnerability. This vulnerability is due to a failure in the application to properly sanitize user-supplied input to the 'ADODB_DIR' parameter of the 'adodb-postgres7.inc.php' script. An attacker can exploit this vulnerability to include arbitrary files from remote hosts and execute arbitrary code on the vulnerable system.
An attacker can exploit a SQL injection vulnerability in Muratsoft Haber Portal v3.6 (tr) by sending a specially crafted HTTP request to the vulnerable application. By exploiting this vulnerability, an attacker can gain access to the database and execute arbitrary SQL commands.
The vulnerable files are present when the application is integrated with another script, AEDating. The vulnerable files are aedating4CMS.php, aedatingCMS.php and aedatingCMS2.php. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable server. The malicious URL contains a reference to a file on a remote server, which will be included in the application and executed.