This exploit takes advantage of a vulnerability in the News-Letterman 1.1 software, specifically in the 'eintrag.php' file. The vulnerable code includes a user-supplied input file, which can be exploited to include remote files from an attacker-controlled server. This can lead to remote code execution and potential compromise of the target system.
The 'CALL SP_DEL_BAK_EXPIRED' function in DM Database Server is vulnerable to remote memory corruption when a large string is passed to the first argument. An attacker can exploit this vulnerability to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
The wsCMS application fails to properly sanitize user-supplied input before using it in dynamically generated content. This allows an attacker to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other attacks.
The CMScout application fails to properly sanitize user-supplied data, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other malicious activities.
GR Board is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
ImpressPages CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The osCommerce Visitor Web Stats application is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Core FTP Server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.
The Home FTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to download, upload, and delete arbitrary files outside of the FTP server's root directory. This may aid in further attacks.
Services By CQR