A vulnerability has been found in Cybozu products. When exploited, the vulnerability allows an authenticated user to retrieve arbitrary files accessible to the web server process.
A vulnerability exists in Ay System Solutions CMS version 2.6 and prior. The vulnerability is due to the 'manage/template/standard/main.php' script not properly sanitizing user-supplied input to the 'path[ShowProcessHandle]' parameter. This can be exploited to include arbitrary files from remote hosts by passing a URL in this parameter. Successful exploitation requires that 'allow_url_include' is set to 'On' in the 'php.ini' file.
CMS frogss version 0.4 is vulnerable to SQL injection in the 'podpis' parameter of the 'rejestracja.php' script. An attacker can exploit this vulnerability to create a new admin account in the CMS.
iziContents is vulnerable to remote code execution due to the use of the GLOBALS[] array in the include/rssfunctions.php file. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, which will allow the attacker to execute arbitrary code on the server.
AES: AlberT-EasySite version 1.0a5 has a remote file include vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.
A SQL injection vulnerability exists in proManager 0.73, which allows an attacker to inject arbitrary SQL commands via the 'note_id' parameter in the 'note.php' script. This can be exploited to add an admin user with a known username and password.
CliServ Web Community version 0.65 has a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.
Integramod Portal 2.x has file inclusion vulnerabilities. An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious code in the 'phpbb_root_path' parameter. This malicious code will be executed on the vulnerable server.
This vulnerability allows an attacker to gain administrative access to the eFiction website by manipulating the cookies. The attacker can use the Firefox extension 'Add n Edit Cookies' to add the cookies to the browser so that they stick with each page.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the '_CCFG[_PKG_PATH_INCL]' parameter to the 'constants.php' script. This can be exploited to include arbitrary files from remote hosts and execute arbitrary PHP code.