The XCMS CMS version 1.1 is vulnerable to a remote directory listing and local file inclusion vulnerability. The vulnerability exists in the 'Galerie.php' module, where the 'Lang' and 'Ent' parameters are not properly validated before being used in include and opendir functions, respectively. An attacker can exploit this vulnerability to read arbitrary files on the server and potentially execute malicious code.
Remote SQL injection in view_event.php id, able to pull admin username/md5hash.
This exploit allows an attacker to remotely steal the /etc/shadow file from a vulnerable MusicDaemon version 0.0.3. The vulnerability does not require shellcode or return addresses and works by exploiting the lack of authentication and privilege checks in the application. By sending specific commands to the MusicDaemon, an attacker can retrieve sensitive system files such as /etc/shadow.
Cross-Site Request Forgery (CSRF) vulnerability in the DIR-600M wireless router enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated. An attacker who lures a DIR-600M authenticated user to browse a malicious website can exploit cross site request forgery (CSRF) to add new admin, change wifi password and to change other network settings.
The exploit allows an attacker to read up to 31 bytes of uninitialized memory at a time from a connected client or server.
The Ripe Website Manager script (version <= v0.8.9) is vulnerable to remote file inclusion. The vulnerability can be exploited by including arbitrary files via the 'level' parameter in the 'author_panel_header.php' and 'admin_header.php' scripts. An attacker can craft a malicious URL and execute arbitrary code on the target system.
Remote sql injection in view_sub_cat.php cat_id, able to pull username/passwords of their admin and user accounts.
The shipped HTTP daemon in OpenBSD (up to the latest version) is prone to 2 remote DoS. The first vulnerability allows an attacker to consume all the CPU power from the remote server (CPU exhaustion). The second vulnerability (Memory exhaustion) allows an attacker to consume all the RAM and the swap space on the remote side. Processes will be killed when running out of swap space. The system will be likely to freeze.
Remote sql injection in view_sub_cat.php cat_id, able to pull username/passwords of their admin and user accounts.
If the client receives a large banner when attempting to send a file, the application will freeze or crash with an exception report. The EIP is overwritten with A's. Version 3.1.3 is not vulnerable.