The 'op', 'bop', 'ext', 'eop' arguments are not properly sanitized before including files from local resources, allowing for arbitrary file inclusion. The 'ext' argument can be used to inject PHP code into the 'cache/ext/statman/log.gtdat' file and execute commands. Additionally, the 'list.gtdat' file in the 'cache/users' folder exposes the MD5 password hashes of all admin and users. This can be exploited by crafting a specific value for the 'upass' parameter.
The Ignition 1.3 version is vulnerable to remote code execution. Attackers can overwrite the settings.php file by sending a specially crafted POST request and injecting malicious code into one of the variables. This allows attackers to execute arbitrary commands on the target server.
This exploit allows an attacker to execute remote commands on the target server.
A stored XSS vulnerability using CSS styles affecting users surfing the malicious post using IE6, IE7, NS 8.1.
Exploiting a non-typesafe comparison flaw, a remote aggressor can access arbitrary files on a vulnerable system. Authentication is not required to exploit this vulnerability. Moreover, a 'fileDenyPattern' bypass has been implemented in order to speed up the attack.
This exploit causes a Denial of Service (DoS) and an Access Violation Exception in QuickTime PictureViewer 7.6.6. The exploit file is a JP2000 file with the MD5 hash B2859391D32DBBFCE00FD2F641863954.
The Interact version 2.4.1 is vulnerable to SQL Injection in the search.php file. The search_terms parameter is not properly sanitized and is directly used in a SQL query, allowing an attacker to execute arbitrary SQL commands.
The File filter used in the code don't check the uploaded file but only set the type of files that can be veiwed in the upload window so if we type *.* in the filename we will see all others file and then we can upload any type of file.
This exploit allows an attacker to inject SQL code into the com_idoblog component of Joomla. By manipulating the 'userid' parameter, the attacker can execute arbitrary SQL queries on the database. The result of the query is then displayed on the website, potentially exposing sensitive information such as usernames, passwords, and email addresses of the Joomla users.
This exploit allows an attacker to change the admin account credentials by submitting a form with hidden input fields containing the new username and password values. The form action URL is http://localhost/siteadmin/EditInfo.php.
Services By CQR