Input passed via the keys of the $_POST array is not properly sanitized before being stored in the $i18nfile variable at line 239; that variable is then written out as a language file with a .php extension in the 'i18n' directory. This allows authenticated users to inject and execute arbitrary PHP code. Furthermore, accessing /translate.php?mode=save directly reveals the full installation path of the application.
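The write-out step described above, as an added example that is not code from the advisory or from the affected application: a Python model of a PHP language-file writer that pastes $_POST keys and values into `$lang[...] = '...';` lines, beside a hardened writer that only accepts identifier-like keys and escapes values the way PHP's var_export does. The function names, the `$lang` array name, the key pattern and the sample POST body are assumptions made for the demonstration.

```python
"""Added example: untrusted POST keys written into a PHP source file.

Models the flawed pattern from the advisory (keys interpolated verbatim into
a .php language file) next to a hardened version. Names and layout are
assumptions, not the application's real code.
"""
import re

# Constructed POST body: the second key closes the array index and the
# statement, appends a call, and re-opens a new index so the file still parses.
SAMPLE_POST = {
    "greeting": "Hello",
    "x']='';system($_GET['c']);$lang['y": "z",
}


def render_i18n_vulnerable(post):
    """Flawed writer: keys and values are interpolated without any check."""
    lines = ["<?php"]
    for key, value in post.items():
        lines.append("$lang['%s'] = '%s';" % (key, value))
    return "\n".join(lines) + "\n"


KEY_RE = re.compile(r"^[A-Za-z0-9_]{1,64}$")  # assumed allow-list for keys


def php_single_quoted(value):
    """Escape a string as a PHP single-quoted literal (var_export style)."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def render_i18n_hardened(post):
    """Hardened writer: reject keys outside the allow-list, escape values."""
    lines = ["<?php"]
    for key, value in post.items():
        if not KEY_RE.match(key):
            raise ValueError("rejected translation key: %r" % key)
        lines.append("$lang[%s] = %s;" % (php_single_quoted(key),
                                           php_single_quoted(value)))
    return "\n".join(lines) + "\n"


def hardened_rejects(post):
    """True if the hardened writer refuses the given POST body."""
    try:
        render_i18n_hardened(post)
    except ValueError:
        return True
    return False


def contains_injected_code(php_source):
    """Heuristic check: a system() call that sits outside any string literal."""
    # Blank out single-quoted literals, honoring backslash escapes, then look
    # for the call in what remains (i.e. in code position).
    stripped = re.sub(r"'(?:\\.|[^'\\])*'", "''", php_source)
    return "system(" in stripped


if __name__ == "__main__":
    print(render_i18n_vulnerable(SAMPLE_POST))
    print("vulnerable output carries code:",
          contains_injected_code(render_i18n_vulnerable(SAMPLE_POST)))
    print("hardened writer rejects payload:", hardened_rejects(SAMPLE_POST))
```

The check in `contains_injected_code` is a heuristic for the demonstration, not a PHP parser; the real fix is the allow-list on keys plus escaping of values, since a key is used in code position and no amount of escaping of the value alone helps.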
A SQL injection vulnerability exists in the ARASTAR content management system. An attacker can exploit it by sending crafted SQL through the vulnerable website, gaining access to sensitive information stored in the database, such as user credentials and other confidential data.
Blogs manager <= 1.101 is affected by a SQL injection vulnerability. An attacker can exploit it by sending crafted SQL to the vulnerable application. Note: a registered account may be required to exploit the vulnerability.
Valid tiny-erp <= 1.6 is affected by a SQL injection vulnerability. A registered account could be required to exploit the vulnerability.
Freelancer calendar <= 1.0.1 is affected by a SQL injection vulnerability. A registered account could be required to exploit the vulnerability.
Discovered a SQL injection vulnerability in Jetpack, a WordPress plugin. File: wp-content/plugins/jetpack/modules/sharedaddy.php. Exploit: id=-1; or 1=if
This module exploits a vulnerability in Wireshark 1.6 and earlier. When opening a pcap file, Wireshark checks whether a 'console.lua' file exists in the same directory and, if found, parses and executes that script. Affected versions: 1.6.0 to 1.6.1 and 1.4.0 to 1.4.8.
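The planting condition that module relies on, as an added check that is not part of the module or of Wireshark: a scanner that walks a directory tree and flags every directory holding both a capture file and a console.lua, which is exactly what an affected Wireshark would execute when the capture is opened from there. The function names, the list of capture extensions and the temporary directory layout are assumptions constructed for the demonstration.

```python
"""Added example: find console.lua planted next to capture files.

Not part of Wireshark or of the exploit module; names and the capture
extension list are assumptions.
"""
import os
import tempfile

CAPTURE_SUFFIXES = (".pcap", ".pcapng", ".cap")  # assumed set of capture types


def find_planted_console_lua(root):
    """Return directories under root that hold a capture file and console.lua.

    Wireshark 1.4.0-1.4.8 and 1.6.0-1.6.1 execute console.lua from the
    directory of the capture being opened, so this pairing is the condition
    to flag before anyone opens the file.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        lowered = [n.lower() for n in filenames]
        has_capture = any(n.endswith(CAPTURE_SUFFIXES) for n in lowered)
        has_lua = "console.lua" in lowered
        if has_capture and has_lua:
            hits.append(dirpath)
    return sorted(hits)


def planted_dir_names(root):
    """Convenience wrapper: base names of the flagged directories."""
    return [os.path.basename(d) for d in find_planted_console_lua(root)]


def build_sample_tree():
    """Constructed layout: one clean capture directory, one with a planted script."""
    root = tempfile.mkdtemp(prefix="pcap-scan-")
    clean = os.path.join(root, "clean")
    planted = os.path.join(root, "planted")
    os.makedirs(clean)
    os.makedirs(planted)
    open(os.path.join(clean, "trace.pcap"), "wb").close()
    open(os.path.join(planted, "trace.pcap"), "wb").close()
    with open(os.path.join(planted, "console.lua"), "w") as f:
        # placeholder only; any Lua here would run when the capture is opened
        f.write("-- planted script\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for d in find_planted_console_lua(sample_root):
        print("console.lua next to a capture file:", d)
```

Run it against a shared drop folder or an analyst's download directory before opening captures from it with an affected Wireshark build; an empty result is the expected state.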
A stack overflow/DoS vulnerability exists in Thunder kankan player version 4.8.3.840. An attacker can exploit it by crafting a malicious .wav file and sending it to the victim; when the victim opens the file, the attacker can execute arbitrary code on the victim's system.
This module exploits a stack-based buffer overflow in the ActiveX control ImageViewer2.OCX by passing an overly long argument to the insecure TifMergeMultiFiles() method. Exploitation results in code execution with the privileges of the user who browsed to the exploit page.
Exploiting this vulnerability requires that an attacker supply a malicious SQL query as the value of the 'CategoryID' parameter.
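The injection pattern behind the 'CategoryID' entry and the other SQL injection entries above (ARASTAR, Blogs manager, tiny-erp, Freelancer calendar, Jetpack), as an added example that is not code from any of those products: the request parameter pasted into the query text, run against an in-memory SQLite table so the leak is observable, beside the parameterized query that fixes it. The table and column layout, the function names, the rows and the payloads are assumptions constructed for the demonstration.

```python
"""Added example: CategoryID SQL injection and its parameterized fix.

Not code from any advisory above; schema, rows and payloads are constructed.
"""
import sqlite3


def setup_db():
    """Constructed schema: a product catalogue and a credentials table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, CategoryID INTEGER)")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(1, "lamp", 10), (2, "desk", 10), (3, "chair", 20)])
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "5f4dcc3b5aa765d61d8327deb882cf99")])
    return conn


def products_vulnerable(conn, category_id):
    """Flawed pattern: the request parameter is concatenated into the SQL text."""
    sql = "SELECT name FROM products WHERE CategoryID = " + category_id
    return [row[0] for row in conn.execute(sql)]


def products_parameterized(conn, category_id):
    """Fix: validate the type, then bind the value instead of splicing it."""
    if not category_id.isdigit():
        raise ValueError("CategoryID must be a non-negative integer")
    sql = "SELECT name FROM products WHERE CategoryID = ?"
    return [row[0] for row in conn.execute(sql, (int(category_id),))]


# Constructed payloads: a boolean bypass that returns every row, and a UNION
# that pulls credentials out of an unrelated table through the same query.
BOOLEAN_PAYLOAD = "0 OR 1=1"
UNION_PAYLOAD = "-1 UNION SELECT username || ':' || password_hash FROM users"


def demo():
    """Return (rows leaked via UNION, whether the fixed query refused the payload)."""
    conn = setup_db()
    leaked = products_vulnerable(conn, UNION_PAYLOAD)
    try:
        products_parameterized(conn, UNION_PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    leaked_rows, was_blocked = demo()
    print("leaked through CategoryID:", leaked_rows)
    print("parameterized query refused payload:", was_blocked)
```

The binding in `products_parameterized` is the actual fix; the `isdigit` check in front of it is defense in depth that also gives the application a clean place to log and reject the attempt. Ordinary values keep working unchanged through both paths, which is what makes this class of bug easy to miss in functional testing.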