The CodeBreak script is vulnerable to remote file inclusion. The vulnerable code includes a file based on user-controlled input ($_POST['process_method']). An attacker can manipulate the input to include a malicious file from a remote server, leading to arbitrary code execution.
The WordPress plugin "NewStatPress" is vulnerable to an authenticated SQL injection (CVE-2015-4062) and an authenticated XSS (CVE-2015-4063). An authenticated user can exploit the SQL injection by manipulating the "where1" parameter of the "admin.php" page. The XSS can be exploited by an authenticated user through the same "where1" parameter on the same page.
WordPress Video Gallery 2.8 suffers from an Unprotected Mail Page vulnerability, which can be exploited for DoS, phishing, mailbombing, and spam. The 'email' ajax action is callable by any guest visitor (/contus-video-gallery/hdflvvideoshare.php). Any user can send email from /contus-video-gallery/email.php to any recipients. The variables used to send emails are: $to, $from, $url, $subject, $message_content, $title, $referrer, $referrer_host, $pageURL. The script assumes that if the provided 'Referrer' field matches the website's URL, then it is okay to send the email.
This exploit allows remote attackers to execute arbitrary code on the target system running PunBB version 1.2.14 or earlier. The vulnerability exists due to improper sanitization of user-supplied input in the login.php file. By sending a specially crafted request, an attacker can inject and execute arbitrary PHP code on the target system.
Gran Paradiso is unable to handle multiple requests for a non-existent applet, so after some page refreshes it crashes or stops responding. You can try this exploit here www.shinnai.altervista.org/nea.html but, if so, you need a little patience 'cause it's slower than local exploitation.
This exploit takes advantage of a race condition in the apport program in Ubuntu to gain root access. By exploiting this vulnerability, an attacker can escalate their privileges to root.
This exploit allows an attacker to perform directory traversal attacks by accessing files outside the web server root directory. The vulnerable URL is 'http://localhost/%5C..%5C..%5C..%5C..%5C..%5C../boot.ini' or 'http://localhost/%5C..%5C..%5C..%5C..%5C..%5C../'.
The vulnerability allows an attacker to include remote files by manipulating the 'absolute_path' parameter in various PHP files. This can lead to unauthorized access, remote code execution, and potential compromise of the affected system.
Authenticated SQLi in the FeedWordPress WordPress plugin allows remote authenticated attackers to execute arbitrary SQL commands via the link_ids[] parameter in the feedwordpress/syndication.php page.
This exploit allows an attacker to remotely control a Phoenix Contact ILC 150 ETH PLC device. The script continuously prints out the current status of the PLC, reverts after 3 seconds, and stops after 5 seconds.