This exploit takes advantage of a setgid vulnerability in the fetchmail program. The attacker creates a malicious file in the /tmp directory and sets it to be executable. The attacker then runs the fetchmail program, which is setgid, and the malicious file is executed.
This exploit is a cannibalized version of 'Kansas City POP Daemon Version 0.0', which is vulnerable to a buffer overflow. It allows an attacker to execute arbitrary code on the vulnerable system by sending a malicious string to the POP3 server.
XMB <= 1.9.6 is vulnerable to a 'u2uid' SQL injection which can be used to disclose admin credentials. This vulnerability is present in the 'u2u.inc.php' file near lines 176-219.
K_fileManager v1.2 is vulnerable to a Remote File Inclusion vulnerability due to a lack of sanitization of user-supplied input in the 'dwl_include_path' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a malicious URL in the 'dwl_include_path' parameter, which will be included in the application. This can allow an attacker to execute arbitrary code on the vulnerable system.
Voodoo chat 1.0RC1b is vulnerable to a remote file inclusion vulnerability due to a failure to properly sanitize user-supplied input to the 'file_path' parameter in the 'index.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by sending a malicious URL to a legitimate user of the application.
A vulnerability in newsReporter v1.1 allows remote attackers to execute arbitrary commands via a crafted news_include_path parameter to index.php.
PHPAuction 2.1 is vulnerable to Remote File Inclusion because the $phpAds_path variable is not properly sanitized before being used. This could allow an attacker to execute arbitrary code on the vulnerable server.
A vulnerability exists in World of Warcraft (WoW) Roster, which allows a remote attacker to include a file from a remote host that is outside of the intended system's path. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system. The vulnerability is due to insufficient sanitization of user-supplied input to the 'subdir' parameter in the 'conf.php' script.
The $tsep_config["absPath"] variable is not properly sanitized before being used, allowing an attacker to include a remote file containing malicious code. This can lead to remote file execution.
A vulnerability exists in NewsLetter v3.5, which allows a remote attacker to include a file from a remote host. This is due to a failure in the application to properly sanitize user-supplied input to the 'NL_PATH' parameter in 'index.php'. An attacker can exploit this vulnerability to include arbitrary files from remote hosts, which can lead to the execution of arbitrary code on the vulnerable system.