Crash PoC for EagleGet 1.1.8.1, tested on Windows XP SP3. The PoC creates a "Setting.dat" file. The exploit causes a Denial of Service (DoS) by creating a large string in the defualt_dl_path parameter.
Using a specially crafted HTTP request to the administration web server, it is possible to exploit a lack of user input validation. Successful exploitation of the vulnerability may result in remote code execution. Unsuccessful exploitation of the vulnerability may result in a Denial of Service of the administrative interface.
This is a remote file include exploit for Categories hierarchy v2.1.2 script. It allows an attacker to include a remote file by manipulating the 'phpbb_root_path' parameter in the 'class_template.php' file.
The 'xterm' program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input. Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected application.
This exploit allows an unprivileged user to grant or revoke DBA permission in an Oracle database using dbms_export_extension. The exploit creates a package that executes the GRANT or REVOKE command and then commits the transaction. The exploit requires Oracle InstantClient (basic + sdk) for DBD::Oracle.
Attackers can exploit this issue to crash Windows Explorer, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file with the vulnerable application. A successful exploit will allow arbitrary code to run in the context of the user running the application.
The exploit allows an attacker to inject arbitrary code into the 'pfad_z' parameter in the settings.php file on a website. This can lead to remote code execution and potentially compromise the entire system.
GeekLog version 2.x is vulnerable to remote file inclusion. The vulnerability exists in the BaseView.php file. An attacker can exploit this vulnerability by including a malicious file through the 'glConf[path_libraries]' parameter.
WebPhotoPro is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.