The Basic Web Server is vulnerable to a directory-traversal vulnerability and a denial-of-service vulnerability. Exploiting these issues allows attackers to obtain sensitive information or cause denial-of-service conditions.
The Spain component for Joomla is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This module exploits an authentication bypass vulnerability in Solarwinds Storage Manager. The vulnerability exists in the AuthenticationFilter, which allows to bypass authentication with specially crafted URLs. After bypassing authentication, is possible to use a file upload function to achieve remote code execution. This module has been tested successfully in Solarwinds Store Manager Server 5.1.0 and 5.7.1 on Windows 32 bits, Windows 64 bits and Linux 64 bits operating systems.
The GestArt portal is vulnerable to Remote File Inclusion. The 'aide.php' script includes a file based on user input without proper validation, allowing an attacker to include arbitrary files from a remote server. This can lead to remote code execution and compromise the target system.
This module exploits a remote file include vulnerability in Railo, tested against version 4.2.1. First, a call using a vulnerable <cffile> line in thumbnail.cfm allows an attacker to download an arbitrary PNG file. By appending a .cfm, and taking advantage of a directory traversal, an attacker can append cold fusion markup to the PNG file, and have it interpreted by the server. This is used to stage and execute a fully-fledged payload.
A remote code execution web vulnerability has been discovered in the official Briefcase Pro v4.0 iOS mobile wifi web-application. The vulnerability allows an attacker to compromise the application and connected device by usage of a system specific command execution. The vulnerability is located in the 'Create Folder (Add Folder)' input field. The input field to create folders allows to inject the input via POST method request.
The BP Blog 7.0 script is vulnerable to SQL injection. By manipulating the 'layout' parameter in the default.asp file, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database, such as the author's username and password.
This vulnerability allows attackers to execute arbitrary code by enticing a legitimate user to open a file from a network share location that contains a specially crafted DLL file.
e107 is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The OES (Open Educational System) version 0.1beta has a vulnerability in the includes/lib-account.inc.php file. The include function is improperly used, allowing an attacker to include arbitrary remote files.