A remote file inclusion vulnerability exists in Squirrelcart version 2.2.0 and earlier. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.
TR Newsportal is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
The vulnerability is a directory traversal in the Reporter web interface. It allows an unauthenticated attacker to access any file on the system, including the Reporter configuration file (reporter.cfg), which contains the database credentials. The vulnerability is triggered when an attacker sends a specially crafted HTTP request to the Reporter web interface. The vulnerable parameter is the "file" parameter in the "getfile.php" script.
The Annonces WordPress plugin is vulnerable to remote file inclusion. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it on the vulnerable server.
Sugar Suite Open Source version 4.2 and below is vulnerable to an arbitrary remote code inclusion vulnerability. This vulnerability is due to the lack of proper validation of user-supplied input in the 'class' and 'id' parameters of the 'LockResolve' action of the 'OptimisticLock' module. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.
Raydium is prone to multiple remote vulnerabilities, including a buffer-overflow vulnerability, a format-string vulnerability, and a denial-of-service vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the affected application, to cause a denial-of-service condition, or to gain sensitive information.
Genecys is a 3D MMORPG server written in C++. A buffer overflow vulnerability exists in the Genecys server version 0.2. When a client sends a packet with a large amount of data, the server will crash due to a NULL pointer dereference.
Empire <= 4.3.2 is vulnerable to a denial of service attack when a malicious user sends a specially crafted packet to the server. This causes the server to crash and the service to become unavailable.
Outgun is a free, open source, fast-paced, team-based, multiplayer game. Outgun <= 1.0.3 bot 2 contains multiple remote vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code on the vulnerable system.
If an attacker has an admin session ID, they can enable avatar uploads and store an arbitrary path for "default_lang" inside the phpbb_config database table using the "Database Restore" feature. This allows the attacker to upload a malicious avatar with PHP code as EXIF metadata content and submit a query to the database. The $board_config['default_lang'] variable is not sanitized before being used to include files, so the malicious avatar can be reached and the code inside it can be executed.