A remote SQL injection vulnerability exists in ?IXForum 1.12. An attacker can exploit this vulnerability to gain access to the admin panel of the application. The attacker can use the ?epId?parameter in the ?eplyNew.asp?page to inject malicious SQL code and gain access to the admin panel.
This exploit allows an attacker to perform a Denial of Service (DOS) attack by sending a large buffer of random characters as the username and password to the Quick 'n Easy FTP Server 3.2. This causes the server to become unresponsive and deny service to legitimate users.
Reflected Cross Site Scripting on qr.php file in URL parameter
WikiReader is prone to a local buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input data to an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application; failed exploit attempts will result in a denial-of-service condition.
This exploit allows an attacker to inject malicious SQL code into the 'RepId' parameter of the 'ReplyNew.asp' script, which is part of the ZIXForum <= v1.12 application. This can be used to extract sensitive information from the database, such as usernames and passwords.
An attacker can send a malicious RETR command to the vulnerable FTP server, such as 'RETR ../../../../boot.ini', to traverse the directory and access sensitive files outside the web root directory.
A SQL injection vulnerability exists in the POST form of CMS Ortus 1.12 and 1.13. An attacker can exploit this vulnerability by registering on the website, authenticating, and then editing the user profile. The attacker can then inject malicious SQL code into the “City” field to gain admin rights and access the admin area.
This exploit allows an attacker to add a new admin with their own credentials by exploiting a SQL injection vulnerability in Libera CMS version 1.12. The exploit uses a cookie to inject malicious SQL code into the application. The attacker can then use the new admin credentials to gain access to the application.
CMME 1.12 is vulnerable to Local File Inclusion, Download Backup, Make Directory, Cross Site Scripting and Cross Site Request Forgery. Local File Inclusion can be exploited by sending a maliciously crafted HTTP request with a specially crafted parameter value. Download Backup can be exploited by sending a maliciously crafted HTTP request with a specially crafted parameter value. Make Directory can be exploited by sending a maliciously crafted HTTP request with a specially crafted parameter value. Cross Site Scripting can be exploited by sending a maliciously crafted HTTP request with a specially crafted parameter value. Cross Site Request Forgery can be exploited by sending a maliciously crafted HTTP request with a specially crafted parameter value.
D-Link DIR-100 devices with firmware 1.12 are vulnerable to a security bypass vulnerability. This vulnerability allows attackers to bypass security restrictions and access sites that are blocked by an administrator.
Services By CQR