The bwired web application is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by injecting malicious SQL queries in the 'newsID' parameter of the index.php page. This can lead to unauthorized access to the database and potentially sensitive information disclosure.
Home Web Server allows to call cgi programs via POST which are located into /cgi-bin folder. However by using a directory traversal, it is possible to run any executable being on the remote host.
The search component of Joomla! allows an attacker to execute arbitrary PHP commands. It is possible to execute OS commands via system() calls. An attacker does not need to be authenticated to perform this attack.
Remote attackers can abuse the Podcast feature of subsonic to launch Server Side Request Forgery attacks on the internal network or to the internet if an authenticated user clicks a malicious link or visits an attacker controlled webpage. SSRF can be used to bypass Firewall restriction on LAN.
reiserfstune is used for tuning the ReiserFS. It can change two journal parameters (the journal size and the maximum transaction size), and it can move the journal’s location to a new specified block device. (The old ReiserFS’s journal may be kept unused, or discarded at the user’s option.) Besides that reiserfstune can store the bad block list to the ReiserFS and set UUID and LABEL. Note: At the time of writing the relocated journal was implemented for a special release of ReiserFS, and was not expected to be put into the mainstream kernel until approximately Linux 2.5. This means that if you have the stock kernel you must apply a special patch. Without this patch the kernel will refuse to mount the newly modified file system. We will charge $25 to explain this to you if you ask us why it doesn’t work.Perhaps the most interesting application of this code is to put the journal on a solid state disk.device is the special file corresponding to the newly specified block device (e.g /dev/hdXX for IDE disk partition or /dev/sdXX for the SCSI disk partition).
The JBlog version 1.0 script is vulnerable to remote access and contains dangerous vulnerabilities including Create Admin exploit, xss, and Cookie Manipulation. The exploit allows for cookies manipulation and cross-site scripting (xss) attacks. The POST variable 'search' in /jblog/recherche.php and the Cookie variable 'theme' can be manipulated. This allows for setting the cookie variable 'theme' to arbitrary values, potentially leading to unauthorized access or execution of malicious scripts.
The RCMS-Pro web application is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a remote file using the 'id' parameter in the 'page.php' file.
Gaucho version 1.4 is vulnerable to a buffer overflow when receiving malformed emails from a POP3 server. This vulnerability is triggered if the POP3 server returns a specially crafted email that has an abnormally long string in the Content-Type field of the email header. This string will overwrite EIP via SEH, and can be exploited to execute arbitrary code.
The vulnerabilities in Informix Dynamic Server and Informix Open Admin Tool allow for unauthenticated static PHP code injection, heap buffer overflow, and remote DLL injection, leading to remote code execution.
The vulnerability allows an attacker to pull out member info from the database by executing a malicious SQL query.
Services By CQR
