Remote File Include vulnerability in Flip-2.01-final 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter to previewtheme.php.
This module exploits a stack based buffer overflow in IMail 2006 and 8.x SMTP service. If we send a long strings for RCPT TO command contained within the characters '@' and ':', we can overwrite the eip register and exploit the vulnerable smpt service.
AlienVault 4.5.0 is susceptible to an authenticated SQL injection attack via a PNG generation PHP file. This module exploits this to read an arbitrary file from the file system. Any authed user should be usable. Admin not required.
This exploit takes advantage of a buffer overflow vulnerability in the IMail server. By sending a specially crafted request, an attacker can overflow a buffer and potentially execute arbitrary code on the target system.
The vulnerability allows an attacker to include a remote file in the vulnerable PHP script. In this case, the vulnerable file is exif.php in the KDPics/lib/exifer/ directory. By manipulating the 'lib_path' parameter in the URL, an attacker can include a malicious file (Evil.txt) and execute arbitrary commands on the server.
This exploit allows an attacker to perform SQL injection in the pms.php file of Woltlab Burning Board Lite version 1.0.2pl3e. The vulnerability exists in the $_POST['pmid'] argument, which is not properly sanitized before being used in database queries. This can be exploited by an attacker to manipulate the database and potentially execute arbitrary SQL commands.
The Photo Galerie Standard <= 1.1 (view.php) is vulnerable to a remote SQL injection attack. By manipulating the 'id' parameter in the 'view.php' file, an attacker can execute arbitrary SQL queries on the underlying database. This can lead to unauthorized access, data theft, and other malicious activities.
When a user opens a specially crafted Word file using a malformed string, it may corrupt system memory in such a way that an attacker could execute arbitrary code. This exploit will execute the command - 'CMD.EXE'.
This exploit takes advantage of a remote file inclusion vulnerability in phpBB++. By exploiting this vulnerability, an attacker can include arbitrary files from a remote server, leading to remote code execution.
This exploit allows an attacker to remotely include a malicious file in the ezConvert PHP script. The vulnerable code is found in the 'config.php' file where the 'ezconvert_dir' parameter is not properly validated before being included. By manipulating this parameter, an attacker can include a remote file and execute arbitrary code on the target system.