The Txx CMS has a file inclusion vulnerability in modules/addons/plugin.php, modules/addons/sidebar.php, modules/mail/index.php, and modules/mail/mailbox.php. The variable $doc_root is not defined, which allows an attacker to include arbitrary files. An example exploit URL is http://site.com/modules/addons/plugin.php?doc_root=[vuln]. Additionally, there are numerous XSS vulnerabilities in the CMS.
The Sisfo Kampus 2006 application has a local file inclusion vulnerability. An attacker can include arbitrary local files by manipulating the 'nmf' parameter in the 'blanko.preview.php' script. By exploiting this vulnerability, an attacker can read sensitive files, such as the '/etc/passwd' file.
Trillian Pro versions <= 2.01 have a design error that exposes Yahoo credentials in plaintext. When Trillian displays a window with a link to an HTML page on the user's hard drive, the file contains a script that includes the plaintext username and password. This file is not deleted until Trillian is shut down, and can be accessed by lower-level users.
The phpGedView project has multiple SQL injection vulnerabilities in the 'timeline.php' and 'placelist.php' files. These vulnerabilities are a result of input not being properly validated, allowing an attacker to execute arbitrary SQL queries. Specifically, the 'get_place_list()' function in the 'functions_mysql.php' file does not sanitize the $parent_id and $level variables before including them in the query. This can be exploited by an attacker to manipulate the SQL queries and potentially gain unauthorized access to the database.
The exploit involves passing fuzzy characters to the Start method of the SQL Server Distributed Management Objects OLE DLL (sqldmo.dll). Manipulating the EDX register yields the first exploitable condition. Additionally, the Structured Exception Handler (SEH) is overwritten to gain control of the program flow. This vulnerability can be exploited if the ActiveX control is set to 'ask' or 'enabled' for the Internet zone.
This exploit targets fuzzylime (cms) version 3.0 and below. It allows an attacker to include local files by manipulating the 'p' parameter in the 'getgalldata.php' script. The vulnerability can be exploited when the 'magic_quotes_gpc' setting is turned off. The exploit sends a malicious request to the target site, including the '../etc/passwd' file in the 'p' parameter value. This allows the attacker to read sensitive system files.
This exploit allows an attacker to include arbitrary files from a remote server in the Focus/SIS application. The vulnerability exists in versions 1.0 and 2.2 of the application.
The TLM CMS v3.2 is vulnerable to multiple remote SQL injection attacks. The vulnerability allows an attacker to manipulate SQL queries and potentially gain unauthorized access to the database. The affected files include 'news.php', 'goodies.php', 'file.php', 'affichage.php', '/mod_forum/afficher.php', and '/mod_forum/messages.php'. The exploit URLs are provided in the text.
This exploit demonstrates a remote buffer overflow vulnerability in the BaoFeng2 Mps.dll ActiveX component. An attacker can exploit this vulnerability by sending a specially crafted request to the affected system, potentially allowing them to execute arbitrary code or crash the system. This vulnerability was discovered on September 8, 2007.
The exploit allows an attacker to include remote files on the target server.