MyBloggie is vulnerable to multiple SQL injections via the trackback.php file. An attacker can exploit this vulnerability to disclose administrative credentials.
SendCard is vulnerable to unauthorized administrative access and remote command execution. The vulnerable code is in admin/prepend.php near lines 32-34. An attacker can exploit this vulnerability through PHP injection, arbitrary remote inclusion or arbitrary local inclusion, or to read phpinfo().
TSEP version 0.942 is vulnerable to remote file inclusion. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'tsep_config[absPath]' parameter of the 'colorswitch.php', 'printpagedetails.php', 'ipfunctions.php', 'contentimages.class.php', 'configfunctions.php', and 'log.class.php' scripts. An attacker can exploit this vulnerability by sending a malicious URL in the 'tsep_config[absPath]' parameter of the vulnerable scripts. This can allow the attacker to execute arbitrary code on the vulnerable system.
Kayako eSupport version 2.3.1 and below is vulnerable to remote file inclusion. The 'subd' parameter in the 'autoclose.php' script is not properly sanitized before being used in a 'require_once' call. This can be exploited to include arbitrary remote files by passing a URL in the 'subd' parameter. Successful exploitation requires that 'register_globals' is enabled.
This exploit allows an attacker to inject malicious code into a vulnerable web application. By exploiting a vulnerability in TinyPHPForum 3.6, an attacker can upload a malicious file to the server and execute it. The vulnerability exists because the application does not properly validate user-supplied input, and it is exploited by sending a specially crafted request to the vulnerable application.
SaveWeb Portal 3.4 is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by sending a malicious URL in the SITE_Path parameter. The malicious URL can be used to execute arbitrary code on the vulnerable system. The vulnerable code is located in the menu_dx.php, poll/poll.php and poll/view_polls.php files.
This exploit is a variant of CF_CHARSET_PATH, a local root exploit by v9_at_fakehalo.us. It is used to gain root access on old G3 iMacs. It uses a wrapper to gain euid=0 and sets the environment variable CF_CHARSET_PATH to a specific value. It then executes the authopen command to gain root access.
This module exploits an arbitrary command execution vulnerability in the TWiki configure script. All versions of TWiki prior to 4.0.4 hotfix 2 are vulnerable. Patch HotFix04x00x04x02 is available on the twiki.org homepage.
A vulnerability exists in World of Warcraft (WoW) Roster, which can be exploited by malicious people to conduct remote file include attacks. This is due to the application not properly sanitizing user-supplied input passed via the 'subdir' parameter to the '/lib/phpbb.php' script. Successful exploitation allows execution of arbitrary PHP code.
The latest version of Sentinel Log Manager is prone to a directory traversal, which makes it possible for authenticated users to access any system file. Testing environment: Sentinel Log Manager Appliance 1.2.0.1. Vulnerable URL: /novelllogmanager/FileDownload?filename=/opt/novell/sentinel_log_mgr/3rdparty/tomcat/temp/../../../../../../etc/passwd