Systrace is prone to multiple concurrency vulnerabilities due to its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel. Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.
WebNews is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Bilder Galerie is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
The MBB CMS version <= 004 is vulnerable to Local File Inclusion (LFI) and SQL Injection (SQLi) attacks. The LFI vulnerability can be exploited by manipulating the 'mod' and 'ref' parameters in the index.php file, allowing an attacker to include arbitrary files from the server. The SQLi vulnerability can be exploited by manipulating the 'id' and 'catid' parameters in the article.php file, allowing an attacker to extract sensitive information from the database.
This module exploits a local file inclusion on Zimbra 8.0.2 and 7.2.2. The vulnerability allows an attacker to get the LDAP credentials from the localconfig.xml file. The stolen credentials allow the attacker to make requests to the service/admin/soap API. This can then be used to create an authentication token for the admin web interface. This access can be used to achieve remote code execution. This module has been tested on Zimbra Collaboration Server 8.0.2 with Ubuntu Server 12.04.
This module exploits a PHP code execution vulnerability in OpenSIS versions 4.5 to 5.2 which allows any authenticated user to execute arbitrary PHP code under the context of the web-server user. The 'ajax.php' file calls 'eval()' with user controlled data from the 'modname' parameter.
The File Uploader application is prone to multiple remote file-include vulnerabilities due to insufficient input sanitization. Exploiting these vulnerabilities can allow an attacker to compromise the application and the underlying system, and may also enable other types of attacks.
File Uploader is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
The Mapos-Scripts.de Gastebuch application is prone to a remote file-include vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by including a remote file containing malicious PHP code and executing it in the context of the webserver process. This could lead to compromise of the application and the underlying system.
GSWKT (Generic Software Wrappers Toolkit) is prone to multiple concurrency vulnerabilities because of its implementation of system call wrappers. This problem can result in a race condition between a user thread and the kernel. Attackers can exploit these issues by replacing certain values in system call wrappers with malicious data to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.