A vulnerability in MyEvent 1.2 allows remote attackers to execute arbitrary code via a crafted myevent_path parameter in an event.php request. The vulnerability is due to insufficient sanitization of user-supplied input, which allows attackers to inject malicious code into the application. This code is then executed on the server.
This exploit allows an attacker to bypass authentication and gain access to the FlexBB <= 0.5.5 web application. The exploit works by sending the server a malicious cookie containing a SQL query that bypasses authentication.
Fuju News 1.0 is vulnerable to a remote SQL injection attack due to the lack of proper input validation. An attacker can exploit this vulnerability by crafting a malicious SQL query and sending it to the vulnerable application. This can allow the attacker to gain access to the application's database and potentially execute arbitrary code.
This module exploits an unauthenticated SQL injection vulnerability in the Sygate Management Server (now Symantec Policy Manager) in order to create a valid admin account.
PHP Album version 0.3.2.3 is vulnerable to remote code execution due to an uninitialized 'data_dir' argument in language.php. If magic_quotes_gpc is set to off and register_globals is set to on, an attacker can include arbitrary files from local resources. Against PHP5, if register_globals is set to on and allow_url_fopen is set to on, an attacker can include an arbitrary translation.dat file from an FTP resource.
sysinfo.cgi 1.21 is vulnerable to remote command execution. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This will allow the attacker to execute arbitrary commands on the vulnerable server.
osCommerce is vulnerable to an information/source code disclosure vulnerability. If the 'extras/' folder is placed inside the www path, an attacker can view all files on the target system, including PHP source code with database details. This is due to the vulnerable code in update.php, which allows an attacker to read any file on the system.
panic-reloaded is a TCP denial-of-service tool that does not require a large link or a fast internet connection. It creates many pthreads, leaving open connections to the victim host. It is a fast and efficient way to deny a TCP service.
This exploit allows a remote attacker to execute arbitrary commands on a vulnerable server. The vulnerability exists in the 'quizz.pl' script, which is vulnerable to a command injection attack. The attacker can inject arbitrary commands into the 'ask' parameter of the script, which is then executed on the server.
This exploit allows an attacker to execute arbitrary code on a vulnerable server by including a malicious file via a vulnerable script. The vulnerable script is located in the 'impex' directory of the vBulletin installation. The attacker can use this vulnerability to execute arbitrary code on the vulnerable server.