This exploit allows an attacker to execute arbitrary commands on a target server running Php-Stats version 0.1.9.1b. The vulnerability is caused by a lack of input validation in the 'option_new[report_w_day]' parameter of the 'php-stats-options.php' file. By injecting PHP code into this parameter, an attacker can execute shell commands through the main page of the Php-Stats application. This exploit requires authentication as an admin user.
Easy Banner Free is prone to multiple SQL-injection and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage the HTML-injection issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is viewed, and launch other attacks. The attacker may exploit the SQL-injection issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Easy Banner Free is prone to multiple SQL-injection and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage the HTML-injection issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is viewed, and launch other attacks. The attacker may exploit the SQL-injection issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
SimpLISTic SQL is prone to a cross-site-scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Remote attackers can exploit this issue to modify the WiFi key and possibly other configuration settings. Successful exploits will lead to other attacks.
The ZyXEL P-660R-T1 V2 router is prone to a cross-site scripting vulnerability. This occurs because the router fails to sufficiently sanitize user-supplied data, allowing an attacker to execute arbitrary HTML and script code in the browser of an unsuspecting user. This can lead to the theft of cookie-based authentication credentials and enable further attacks.
Apache Tomcat is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Local attackers running malicious code can exploit this issue to elevate their privileges. Successful attacks will completely compromise an affected device.
This exploit allows an attacker to include a remote file in the PHP DB Designer version 1.02 and earlier. By manipulating the _SESSION[DRIVER] or _SESSION[SITE_PATH] parameters in the session.php, help.php, or about.php files, an attacker can include a malicious file from a remote server.
Hot Links SQL is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Services By CQR