The vulnerability allows an attacker to include a remote file in the vulnerable PHP script. In this case, the vulnerable file is exif.php in the KDPics/lib/exifer/ directory. By manipulating the 'lib_path' parameter in the URL, an attacker can include a malicious file (Evil.txt) and execute arbitrary commands on the server.
This exploit allows an attacker to perform SQL injection in the pms.php file of Woltlab Burning Board Lite version 1.0.2pl3e. The vulnerability exists in the $_POST['pmid'] argument, which is not properly sanitized before being used in database queries. This can be exploited by an attacker to manipulate the database and potentially execute arbitrary SQL commands.
The Photo Galerie Standard <= 1.1 (view.php) is vulnerable to a remote SQL injection attack. By manipulating the 'id' parameter in the 'view.php' file, an attacker can execute arbitrary SQL queries on the underlying database. This can lead to unauthorized access, data theft, and other malicious activities.
When a user opens a specially crafted Word file that uses a malformed string, it may corrupt system memory in such a way that an attacker could execute arbitrary code. This exploit will execute the command 'CMD.EXE'.
This exploit takes advantage of a remote file inclusion vulnerability in phpBB++. By exploiting this vulnerability, an attacker can include arbitrary files from a remote server, leading to remote code execution.
This exploit allows an attacker to remotely include a malicious file in the ezConvert PHP script. The vulnerable code is found in the 'config.php' file where the 'ezconvert_dir' parameter is not properly validated before being included. By manipulating this parameter, an attacker can include a remote file and execute arbitrary code on the target system.
Yosemite Backup is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.
This exploit is a fake VNC server that will crash CotVNC 2.0 due to a NULL-pointer dereference. The exploit sends a specific payload to the client, causing it to crash.
This module exploits a vulnerability found in Fitnesse Wiki, version 20140201 and earlier.
A local file include web vulnerability has been discovered in the official Easiermobile Inc - ePhone Disk v1.0.2 iOS mobile web-application. The local file include web vulnerability allows remote attackers to include local file/path requests or system-specific path commands without authorization, in order to compromise the web-application or mobile device.