This exploit allows an attacker to execute arbitrary code by exploiting a buffer overflow vulnerability in Sam Spade 1.14. The vulnerability occurs when processing input from the 'Scan from IP addresses' input field. By providing a specially crafted input, an attacker can overwrite the return address and gain control of the program's execution flow.
This exploit allows an attacker to include remote files in PHPtree plugin HP_DEV cms2.php script by manipulating the s_dir parameter in the URL. This can lead to arbitrary code execution on the server.
There is a generic stack-based buffer overflow in all versions of Xine-lib, including Xine-lib-rc5, that allows for local and remote malicious code execution. By overflowing the vcd:// input source identifier buffer, it is possible to modify the instruction pointer with a value that a malicious attacker can control.
The application's module used for handling incoming connections contains a flaw. When handling authentication requests, the vulnerable process copies user provided input to a fixed length buffer without performing a length check. A remote unauthenticated attacker can exploit this vulnerability to cause a buffer overflow and execute arbitrary code in the context of the exploited application (installed as a service by default, i.e. with "NT AUTHORITYSYSTEM" privileges).
An attacker can exploit these vulnerabilities in et-chat 3.07 and potentially other versions to gain elevated privileges within the application and upload arbitrary shells. This could lead to arbitrary code execution within the context of the vulnerable application.
The Archangel Weblog version 0.90.02 is vulnerable to Local File Inclusion and Login Page Bypass By Cookie attacks. An attacker can exploit this vulnerability by sending a specially crafted request to the index.php file, allowing them to include local files or bypass the login page using a manipulated cookie. This can lead to unauthorized access to sensitive information or administrative privileges.
This is a remote code execution exploit for Nuked-klaN 1.7.6. It allows an attacker to execute arbitrary PHP code on the target server.
Multiple CSRF issues in PHP Server Monitor allow remote attackers to add arbitrary users & servers to the system, modify system configurations and delete arbitrary servers, if user (admin) is logged in and visits our malicious website or clicks on our infected links. As no CSRF protection is used in the application, we can make requests on the victim's behalf and the server will happily oblige processing our malicious HTTP requests.
This vulnerability allows an attacker to include remote files in the 'watermark.php' script of vm watermark mod 0.4.1. By manipulating the 'GALLERY_BASEDIR' parameter, an attacker can include a malicious file ('shell.txt' in this case) from a remote server.
Max Forum is prone to multiple input-validation vulnerabilities including a PHP code-execution vulnerability, a local file-include vulnerability and an information-disclosure because it fails to properly sanitize user-supplied input.An attacker can exploit these issues to inject arbitrary PHP code and include and execute arbitrary files from the vulnerable system in the context of the affected application and to obtain sensitive information that may aid in further attacks.
Services By CQR