The vulnerability allows an attacker to include a remote file by manipulating the 'right_file' parameter in the 'tpl_message.php' file. This can lead to remote code execution.
Multiple Remote File Inclusion vulnerabilities exist in Persism Content Management System version 0.9.2 and below. The vulnerabilities can be exploited by an attacker to include arbitrary files from remote servers, leading to remote code execution.
The PMECMS version 1.0 has multiple remote file inclusion vulnerabilities. An attacker can exploit these vulnerabilities by manipulating the 'config[pathMod]' parameter in various module files to include malicious files from remote servers. This can lead to remote code execution and unauthorized access to sensitive information.
The World Browser is a web browser that is vulnerable to remote code execution. An attacker can exploit this vulnerability by running a PHP code that creates a malicious file and opens it in the browser. This allows the attacker to execute arbitrary code on the victim's system.
This module exploits an information disclosure vulnerability in Zpanel. The vulnerability is due to a vulnerable version of pChart used by ZPanel that allows unauthenticated users to read arbitrary files remotely on the file system. This particular module utilizes this vulnerability to identify the username/password combination of the MySQL instance. With the credentials the attackers can login to PHPMyAdmin and execute SQL commands to drop a malicious payload on the filesystem and call it leading to remote code execution.
The vulnerability exists in the /class/debug/debug_show.php file of RunCms version 1.5.2 and below. The show_files() and show_queries() functions do not perform any authentication, allowing an attacker to inject SQL queries and disclose sensitive credentials. The exploit takes advantage of this vulnerability to retrieve information from the database.
This is a proof of concept for the Windows Messenger Service Overflow vulnerability. The vulnerability allows an attacker to send a message with a specially crafted body that can cause a buffer overflow and crash the target machine. The vulnerability is caused by the Messenger Service not properly validating the length of the message before passing it to the allocated buffer. When a character 0x14 is encountered in the message body, it is replaced by a CR+LF. The buffer allocated for this operation is twice the size of the string, but is then copied to a buffer that was only allocated 11CAh bytes, allowing for buffer overflow. This proof of concept launches the exploit against the target machine, causing it to reboot.
/modules/flashgames/game.php?lid=-19/**/UNION/**/SELECT/**/0,1,pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/**/FROM/**/xoops_users/**/LIMIT/**/1,1/*
The vulnerability exists in the header.php file of the workbench survival guide. The include function is used to include the navbar.php file without proper sanitization, allowing an attacker to remotely include arbitrary files. An example exploit URL is provided as http://site.com/path/header.php?path=[[Sh3LL Script]].
An older release of blat.exe v2.7.6 is prone to a stack based buffer overflow when sending malicious command line arguments. The vulnerability can be triggered by sending two arguments, the first one can be any value e.g. 'AAAA', and the second argument triggers the buffer overflow and allows execution of arbitrary code on the victim's OS.