
Explore Vulnerabilities

Explore all Exploits:

CzarNews <= (tpath) Remote File Inclusion Exploit

CzarNews is prone to a remote file-inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the vulnerable application. The attacker can supply a URL to a malicious script in the 'tpath' parameter of the vulnerable script. Successful exploitation requires that 'register_globals' is enabled.

Linux 2.6.x suid_dumpable vulnerability

The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and POSSIBLY (yeah, sure;) gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions (CVE-2006-2451).

Ottoman CMS <= 1.1.3 Remote File Inclusion Exploit

Input passed to the 'default_path' parameter in 'index.php', 'error.php', 'classes/main_class.php', 'format_css.php', 'js.php', and 'rss.php' is not properly sanitized before being used to include files. The vulnerable scripts do not properly sanitize user-supplied input in the 'POST' and 'COOKIE' variables. This can be exploited to execute arbitrary PHP code by including files from local or external resources. Exploitation requires 'register_globals' to be turned on.

Webmin / Usermin Arbitrary File Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on systems running Webmin or Usermin. The vulnerability is due to a directory traversal flaw in the unauthenticated portion of the Webmin/Usermin server. By sending a specially crafted request, a remote attacker can view arbitrary files on the system with the privileges of the Webmin/Usermin server. This vulnerability affects Webmin versions prior to 1.290 and Usermin versions prior to 1.220.

Sabdrimer PRO (v.2.2.4) Remote File Include Vulnerability

Sabdrimer PRO (v.2.2.4) is vulnerable to a Remote File Include vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'pluginpath[0]' parameter of the 'advanced1.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by sending a specially crafted HTTP request containing malicious code. The vulnerability is only exploitable if the 'register_globals' PHP option is set to 'On'.

Another Mambo component remote inclusion vulnerability

A remote inclusion vulnerability was found in the Mambo component download.php file. The vulnerability is caused due to the improper validation of user-supplied input in the 'phpbb_root_path' parameter. This can be exploited to include arbitrary files from remote locations by using directory traversal sequences and URL encoded NULL bytes.

Recent Exploits: