Variable $phpbb_root_path is not sanitized. When register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script.
Flatnuke contains one flaw that may allow a user to become administrator. The issue is due to the 'sections/none_Login/section.php' script not properly sanitizing user input supplied to the 'level' POST variable. GPC = Off. Change your rights using the null byte.
PHP Melody v2.7.1 is vulnerable to a time-based blind SQL injection in the 'playlist' parameter of the 'ajax.php' page. An attacker can send a malicious HTTP request with a payload of '+(select*from(select(sleep(20)))a)+' to the vulnerable page; a delay in the response time indicates successful exploitation.
Newsletter Open Source is an ASP-based online newsletter application. It includes Admin Pak, a former commercial add-on for the application; the commercial Rich Text Editor has been stripped from the Admin Pak. An attacker can exploit this vulnerability by sending malicious SQL queries through the vulnerable 'qid' parameter in the URL, which can allow the attacker to gain access to sensitive information from the database.
Acuity CMS is an affordable, very easy to use CMS offering a rich set of features despite its low price point: advanced WYSIWYG editing (using Acuity Visual Editor), code cleaning, menu management, integrated search, and more. A free online demo is available. Code: ASP 3.0 & VBScript. The vulnerability is a SQL injection which can be exploited by sending a malicious request to the server. The demo URL is http://server/article.asp?page=[sqli]
grocy household management solution v2.7.1 allows stored XSS and HTML injection via the Create Shopping List module; the payload is rendered upon deleting that Shopping List. To exploit this vulnerability, a user must log in to the application, go to the 'Shopping List' module, click 'New Shopping List', enter the payload <marquee onstart=alert(document.cookie)> in the 'Name' input field, click Save, and click 'Delete Shopping List'.
Paramiko is a Python implementation of the SSHv2 protocol, providing both client and server functionality. Paramiko is vulnerable to an insecure default configuration, which allows an attacker to connect to the SSH server without authentication. The vulnerability is due to the Paramiko library not enforcing authentication by default. An attacker can exploit it by connecting to the SSH server without authenticating and executing arbitrary commands.