This exploit takes advantage of a vulnerability in pragmaMX Landkartenmodule 2.1, which allows an attacker to include files from the server's file system. The vulnerable code can be found in the 'require_once("modules/$module_name/inc/conf.php");' line. By manipulating the 'module_name' parameter, an attacker can specify a path to a file they want to include, potentially leading to unauthorized access or remote code execution.
This exploit allows for local elevation of privileges on Windows 2000 systems using the Utility Manager. It gives the user a shell with system privileges. The exploit works by getting the system language and setting the windows names to work on any Windows 2000 system. It supports multiple languages and can be modified to add additional languages.
Multiple XSS vulnerabilities exist in the phpSound Music Sharing Platform. The first vulnerability allows an attacker to execute arbitrary code by injecting a malicious payload in the 'Title' or 'Description' input fields of a playlist. The second vulnerability is a reflected XSS vulnerability in the 'filter' parameter of the explore page, allowing an attacker to execute arbitrary code. Sample payloads for both vulnerabilities are provided.
The XSS attack vulnerability is caused by copying the value of the id request parameter into an HTML tag attribute without proper sanitization. The SQL injection vulnerability is caused by the country/gender1/gender2 parameter being vulnerable to SQL injection attacks.
This exploit allows an attacker to perform a remote SQL injection on PHPBB Minerva Mod version 2.0.21 build 238a through the 'forum.php' file. The vulnerability allows the attacker to extract the user password from the 'minerva_users' table by manipulating the 'user_id' parameter.
This exploit allows an attacker to include local files on the server by manipulating the 'name' parameter in the 'bbcode_ref.php' script of Modulo Splatt Forum v4.0 RC1. The vulnerable code can be found on line 17 and 19 of the script. By including certain files, an attacker can potentially view sensitive information such as log files.
This exploit creates a vulnerable image.xml file that can cause a crash in i.Mage software. The vulnerability is caused by an access violation when reading a specific memory address. The exploit author has provided a proof of concept code that fills the image.xml file with a large number of 'A' characters, causing the crash. It is recommended to copy the image.xml file to the installation directory of i.Mage software and start the application to trigger the crash.
i.Hex is a small and free graphical Hex Editor for Windows. The vulnerability allows an attacker to create a malicious iHex.xml file that can crash the i.Hex software.
This exploit takes advantage of a buffer overflow vulnerability in i-FTP v2.20, allowing an attacker to execute arbitrary code. The exploit uses a return address overwrite technique to redirect program execution flow to the attacker's shellcode. The shellcode payload used in this exploit spawns the Windows calculator. The exploit has been tested on various Windows platforms, including Win7 32bit, Win8.1 64bit, and Win XPsp3.
This vulnerability allows remote file inclusion.