A vulnerability exists in yappa-ng versions 2.3.1 and 2.3.0 due to improper validation of user-supplied input in the admin_modules/admin_module_deldir.inc.php script. An attacker can exploit this vulnerability to include arbitrary remote files, leading to a complete compromise of the vulnerable system.
A vulnerability exists in Dyn CMS <= REleased, due to the improper validation of user-supplied input in the 'x_admindir' parameter of the '0_admin/modules/Wochenkarte/frontend/index.php' script. This can be exploited to include arbitrary remote files by passing a URL in the 'x_admindir' parameter. Successful exploitation requires that 'allow_url_include' is set to 'On' in the 'php.ini' file.
This exploit allows an attacker to gain access to the username and password of the Annuaire 1Two 2.2 application. The exploit works by sending a malicious HTTP request to the application with the 'id' parameter set to '-1 UNION SELECT username FROM 1two_annuaire_admin' and '-1 UNION SELECT password FROM 1two_annuaire_admin'. The application then returns the username and password in the response.
This exploit allows an attacker to execute arbitrary commands on a vulnerable TikiWiki <= 1.9 Sirius installation. The exploit works by sending a specially crafted HTTP request to the vulnerable jhot.php script, which then executes the attacker's commands.
A remote blind SQL injection vulnerability exists in Icblogger. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can potentially result in the manipulation or disclosure of arbitrary data.
PowerZip 7.06 is vulnerable to a buffer overflow due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted file to the application, resulting in arbitrary code execution.
A vulnerability in YACS CMS (Yet Another Community System) allows attackers to include remote files via a specially crafted URL. An attacker can send a malicious URL to an unsuspecting user and if the user clicks on the link, the attacker can execute arbitrary code on the vulnerable system.
This exploit allows an attacker to execute arbitrary code on the vulnerable server by including a file from a remote location through the vulnerable lpref parameter in the config.php file.
A remote file include vulnerability exists in DMO: Lanifex Database of Managed Objects version 2.3 Beta. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system. This is done by sending a maliciously crafted HTTP request to the vulnerable system.
phpAtm version 1.21 is vulnerable to remote file inclusion due to the use of the include_location parameter in the confirm.php, index.php and login.php scripts. An attacker can exploit this vulnerability by sending a malicious URL in the include_location parameter. This will allow the attacker to execute arbitrary code on the vulnerable server.