The vulnerability allows an attacker to include a remote file by manipulating the 'path' parameter in the affected URLs. This can lead to remote code execution or other malicious activities.
The 'com_szallasok' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The audioCMS arash 0.1.4 is vulnerable to remote file inclusion. The vulnerability allows an attacker to include remote files by manipulating the 'arashlib_dir' parameter in various scripts. This can lead to arbitrary code execution and compromise of the affected system.
The vulnerability allows remote attackers to include arbitrary files via a specially crafted URL in the GALLERY_BASEDIR parameter in needinit.php, reconfigure.php, unconfigured.php, and configmode.php scripts.
This module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are required. Command execution will be in the context of the "nobody" account, but on versions of EFW I tested, this account had broad sudo permissions, including to run the script /usr/local/bin/chrootpasswd as root. This script changes the password for the Linux root account on the system to the value specified by console input once it is executed. The password for the proxy user account specified will *not* be changed by the use of this module, as long as the target system is vulnerable to the exploit. Very early versions of Endian Firewall (e.g. 1.1 RC5) require HTTP basic auth credentials as well to exploit this vulnerability. Use the standard USERNAME and PASSWORD advanced options to specify these values if required. Versions >= 3.0.0 still contain the vulnerable code, but it appears to never be executed due to a bug in the vulnerable CGI script which also prevents normal use. Tested successfully against the following versions of EFW Community: 1.1 RC5, 2.0, 2.1, 2.5.1, 2.5.2. Used Apache mod_cgi Bash Environment Variable Code Injection and Novell ZENworks Configuration Management Remote Execution modules as templates.
This vulnerability allows remote attackers to execute arbitrary code and gain unauthorized access to the affected system. By manipulating the 'install_demo_name' parameter in the 'install/index.php' file, an attacker can overwrite the contents of the 'config_update.php' file, leading to remote code execution and unauthorized access.
This exploit allows an attacker to include local files on a vulnerable NMDeluxe 1.0.1 template. The attacker can potentially access sensitive information or execute arbitrary code.
The CNStats 2.9 script is vulnerable to remote file inclusion. By exploiting the vulnerability in the 'who_r.php' and 'who_s.php' files, an attacker can include malicious code hosted on a remote server.
NetArt Media Jobs Portal is prone to multiple HTML-injection vulnerabilities and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in an RPC interface of the DNS service used for remote management of the service. This can be exploited to cause a stack-based buffer overflow via a specially crafted RPC request. The DnssrvQuery function is vulnerable to this stack overflow.