Shadows Rising RPG (Pre-Alpha) version 0.0.5b is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the vulnerable server.
A vulnerability in SimpleBlog 2.0 <= "comments.asp" allows an attacker to inject arbitrary SQL commands. This can be exploited to manipulate SQL queries by e.g. injecting additional statements. This can be used to bypass authentication or disclose sensitive information.
SportsPHool version 1.0 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This will allow the attacker to include a remote file containing arbitrary code, which will be executed on the vulnerable server.
NES Game & NES System version c108122 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable parameter 'phphtmllib' in multiple scripts. This can allow the attacker to execute arbitrary code on the vulnerable system.
The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'mosConfig_absolute_path' parameter of 'Tar.php' script. A remote attacker can include arbitrary files from remote locations and execute arbitrary code on the vulnerable system.
A vulnerability exists in ZZ:FlashChat V3.1, due to the improper validation of user-supplied input in the 'adminlog' parameter of the 'chat/inc/func.add_data.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by supplying a malicious URL in the 'adminlog' parameter.
An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the 'lm_absolute_path' parameter. This can allow the attacker to execute arbitrary code on the vulnerable system.
Fantastic News versions 2.1.2 and 2.1.3 are vulnerable to a Remote File Inclusion vulnerability due to a lack of proper sanitization of user-supplied input to the CONFIG[script_path] parameter in the news.php script. An attacker can exploit this vulnerability by sending a malicious URL in the CONFIG[script_path] parameter, which will be executed on the vulnerable server.
A vulnerability exists in Tutti Nova <= v1.6 due to improper validation of user-supplied input in the TNLIB_DIR parameter of the class.novaEdit.mysql.php script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by supplying a malicious URL in the TNLIB_DIR parameter.
Cce-interact version 2.2.0 and below is vulnerable to a remote file include vulnerability. This vulnerability exists due to insufficient sanitization of user-supplied input in the 'CONFIG[BASE_PATH]' parameter of the 'admin/autoprompter.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system.
Services By CQR