
Explore Vulnerabilities

Explore all Exploits:

MyPHP Forum <= 3.0 (Final) Multiple Remote SQL Injection Vulnerability

MyPHP Forum version 3.0 (Final) contains multiple remote SQL injection vulnerabilities. The first is in the faq.php file, where the 'id' parameter is not properly sanitized before being used in an SQL query. The second is in the member.php file, where the 'member' parameter is not properly sanitized before being used in an SQL query. An attacker can exploit either vulnerability to execute arbitrary SQL queries.

PHPKB Multi-Language 9 – Authenticated Remote Code Execution

This exploit allows an authenticated user to execute code remotely in PHPKB Multi-Language 9. By manipulating the 'putdown_for_maintenance' parameter in the 'save-settings.php' file, an attacker can execute arbitrary commands.

IPTBB <= 0.5.4 Remote Sql Injection

The IPTBB forum system, built using PHP and MySQL, is vulnerable to remote SQL injection. By manipulating the 'id' parameter in the 'viewdir' action of the 'index.php' file, an attacker can execute arbitrary SQL queries. The exploit allows an attacker to retrieve sensitive information such as usernames, passwords, email addresses, and MSN accounts from the 'iptbb_users' table. The default admin id is 1, but any user id can be targeted.

ASUS AAHM 1.00.22 – ‘asHmComSvc’ Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path, undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

Recent Exploits: