XMB is vulnerable to arbitrary local inclusion and remote commands execution due to insufficient validation of user-supplied input. An attacker can exploit this vulnerability by supplying a crafted value for langfilenew argument, ex: ../../../../../../../apache/logs/access.log[null char]/English. This will bypass the check and allow the attacker to include an arbitrary file from local resources. This works regardless of php.ini settings because of the ending null char stored in database.
A vulnerability in the Joomla Webring Component (component_dir) allows remote attackers to include arbitrary files via a URL in the component_dir parameter to admin.webring.docs.php.
This vulnerability allows remote attackers to cause a denial of service (crash) in Nokia Browser. The vulnerability is caused due to a boundary error in the handling of shellcode. This can be exploited to cause a stack-based buffer overflow via an overly long string passed to the unescape() function. Successful exploitation allows execution of arbitrary code.
MVCnPHP is vulnerable to remote file inclusion. The vulnerability exists in the BaseCommand.php, BaseLoader.php, and BaseView.php files. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable server. The malicious URL contains a malicious script which is then executed on the vulnerable server.
Remository v3.25 is vulnerable to a Remote File Inclusion vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system. The vulnerable code is located in the admin.remository.php file. By sending a specially crafted HTTP request, an attacker can execute arbitrary code on the vulnerable system.
WEBInsta Mailing list manager 1.3e is vulnerable to Remote File Inclusion due to the lack of proper sanitization of the $cabsolute_path parameter. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. This can lead to remote code execution.
A vulnerability exists in VWar <= v1.50 R14 which allows an attacker to inject arbitrary SQL commands. This is due to the lack of input validation on the 'n' parameter in the 'extra/online.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands. This can allow an attacker to gain access to sensitive information such as user credentials.
Chaussette is prone to a remote file-inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation.
phpPrintAnalyzer is vulnerable to remote file inclusion attacks. An attacker can include arbitrary files from remote locations by using a URL in the ficStyle parameter.
SaveWebPortal version 3.4 and below is vulnerable to a Remote File Inclusion vulnerability. An attacker can inject malicious code into the 'page' parameter of the index.php file, allowing for the execution of arbitrary code. The attacker must create a file called shell.html.txt or shell.php.txt in order for the exploit to be successful.
Services By CQR