systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function.
HPE versions 0.6.1, 0.6.5 and 0.7.0 are vulnerable to Remote File Inclusion (RFI) attacks. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The URL references a malicious file, which the application then includes. This can lead to arbitrary code execution on the server.
Empire CMS versions 3.7 and prior are vulnerable to remote file inclusion. The vulnerability is due to a failure in the application to properly sanitize user-supplied input to the 'check_path' parameter of the 'checklevel.php' script. An attacker can exploit this vulnerability by supplying a URL in the 'check_path' parameter to execute arbitrary PHP code on the vulnerable system.
This exploit is for the Apache mod_rewrite off-by-one vulnerability discovered by Mark Dowd. It uses shellcode based on Taeho Oh's bindshell on port 30464, modified to avoid Apache URL escaping. The shellcode address in heap memory on Apache 1.3.34 (Debian sarge) is at 0x0834ae77 for any other version/system.
The variable $_PM_[path][handler] is not sanitized. When register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script.
This vulnerability allows an attacker to include a remote file on the vulnerable server. This can be exploited to execute arbitrary PHP code on the vulnerable server by including a malicious file from a remote location.
A buffer overflow vulnerability exists in Easy File Sharing FTP Server 2.0 when handling a specially crafted PASS command. This could allow a remote attacker to execute arbitrary code on the vulnerable system.
SimpleBlog 2.0 is vulnerable to SQL injection. The vulnerability is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application, which allows the attacker to gain access to the admin panel of the application.
This exploit allows an attacker to include a local file on the vulnerable server. It works against Windows boxes regardless of php.ini settings, on PHP < 4.3.3 and PHP 5 < 5.1.4. The attacker needs to register an account on the vulnerable server and then send a crafted HTTP request to the server to include the local file.
This exploit allows an attacker to inject malicious SQL code into the vulnerable "comments.asp" page of the LBlog application. The attacker can then use this vulnerability to gain access to the admin panel of the application.