A vulnerability in OpenPHPNuke <= 2.3.3 allows remote attackers to execute arbitrary code via a URL in the root_path parameter to master.php.
This exploit allows an attacker to execute arbitrary commands on a vulnerable system running INVISION POWER BOARD 2.1.5. The attacker must have permission to post a comment in order to exploit this vulnerability. The exploit works by sending a specially crafted POST request to the vulnerable system, which then executes the malicious code.
Advanced GuestBook for phpBB <= 2.4.0 is vulnerable to a remote file inclusion vulnerability. This vulnerability allows an attacker to execute arbitrary code on the vulnerable server. The vulnerability is due to the 'phpbb_root_path' parameter in the 'addentry.php' script not being properly sanitized before being used in a 'require_once' function call. This can be exploited to include arbitrary files from remote hosts and execute arbitrary PHP code.
Advanced GuestBook for phpBB version 2.4.0 and prior is vulnerable to a remote file inclusion vulnerability. This vulnerability allows an attacker to include a remote file, usually containing malicious code, on the vulnerable website. The vulnerable code is located in the addentry.php file.
The vulnerability exists due to failure in the "index.php" script to properly verify the source of HTTP request. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data. Attacker can use browser to exploit this vulnerability. The vulnerability exists due to failure in the "/themes/default/header.inc.php" script to properly sanitize user-supplied input in "theme_dir" variable then register_globals on. Successful exloitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'f' and 'phpbb_root_path' parameters of the 'toplist.php' script. This can be exploited to include arbitrary files from remote hosts and execute arbitrary PHP code.
This exploit is a remote denial of service attack against BL4's SMTP server. It sends a maliciously crafted EHLO command with an overly long argument to the server, causing it to crash.
An integer overflow vulnerability leading to a heap overflow in the file ..php-5.3.6extphartar.c. If entry.filename_len(which attacker can control) equal 0xffffffff, pemalloc() will allocate zero length buffer. Then php_stream_read() get as a length parameter 0xffffffff value. Because php_stream_read () checks that the passed length does not exceed the amount of data available, the buffer overflow sizes are available from the data stream.
This exploit allows an attacker to execute arbitrary commands on a vulnerable Invision Power Board 2.* installation. The vulnerable versions are <= 2.1.5 and the exploit has been tested on 2.1.4 and 2.0.2. The exploit uses a POST request to the index.php page with the login credentials and a session ID to authenticate and then executes the command.
This exploit grants DBA privileges to the hacker by exploiting a vulnerability in the Oracle 10g 10.2.0.2.0 database. The exploit uses the SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA function to execute a malicious code which grants DBA privileges to the hacker.
Services By CQR