This exploit works on Quezza BB <= 1.0. It allows an attacker to include a remote file on the web server. This is done by exploiting the 'quezza_root_path' parameter in the 'class_template.php' script. The attacker can supply a URL which can be used to include a remote file. The exploit requires 'register_globals' to be set to 'on' for both examples.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'ex' and 'us' parameters of the 'export.php' script. It is caused by the use of the 'sprintf()' function with user-supplied input in the 'export_users()' method of the 'GDSRExport' class. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to bypass authentication and gain access to the application.
DeluxeBB <= v1.06 is vulnerable to arbitrary code execution due to a flaw in the mod_mime module. An attacker can upload a malicious file with double extensions, such as 'test.php.php.rar', which will be renamed to 'test.php.php-1147772503.ext' and copied to the 'files/' folder. The Apache mod_mime module considers double-extension files to be valid PHP files and runs the arbitrary code that has been uploaded. An attacker can then execute arbitrary code by sending a request to the malicious file with a command appended to the URL.
This exploit was modified with a new PoC and triggering method to hit Opera Next. The first copy was coded for v10.5x/v10.6x. RCE on: v11.00, v11.01, v11.10, v11.11, v11.50, v11.51 and v12.00 pre-alpha r1076 (Opera Next). DEP bypass: possible but unreliable.
This exploit allows an attacker to gain access to the admin panel of a vulnerable version of PHP-Fusion. The attacker must have an account and can then send a POST request to the login.php page with the username and password. This will then return a cookie which can be used to access the admin panel.
A vulnerability in ezUserManager <= v1.6 allows remote attackers to include arbitrary files via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php.
This module exploits an authentication bypass flaw in version 4.1.0 and 4.1.1 of the RealVNC service. This module acts as a proxy between a VNC client and a vulnerable server. Credit for this should go to James Evans, who spent the time to figure this out after RealVNC released a binary-only patch.
DeluxeBB 1.06 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as user credentials. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'name' parameter of the 'misc.php' script.
GNUnet is vulnerable to a remote denial of service attack. An attacker can send an empty UDP packet to the GNUnet port and cause the service to crash.
This vulnerability allows an attacker to bypass authentication in VNC Viewer by forcing the secType to equal secTypeNone.