The vulnerability exists in the nowosci.php page, which allows an attacker to inject malicious JavaScript code, HTML code, and SQL queries. An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious code to the vulnerable page.
The mentioned class contains the vulnerable SaveData() method, which allows an attacker to create or overwrite files with arbitrary extensions in arbitrary locations, e.g. automatic startup folders. By manipulating, for example, the Caption property, it is possible to create a valid application with an .hta extension.
To bypass authentication, the attacker can go to the URL http://192.168.1.1/accessaccount.cgi. For request forgery, the attacker can send the request from their browser without a cookie or any authentication, or send a link to the administrator. The script also discloses sensitive information: the source of the page 'accessaccount.cgi' reveals the default credentials for both user and admin accounts.
A SQL injection vulnerability exists in Joomla Component Alameda (com_alameda) version 1.0. An attacker can send a malicious SQL query to the vulnerable parameter 'storeid' in the 'index.php' script to execute arbitrary SQL commands in the backend database.
This module exploits a stack overflow vulnerability in NJStar Communicator Version 3.00 MiniSMTP server.
A SQL Injection vulnerability exists in jbShop - e107 v7 CMS plugin, which allows an attacker to execute arbitrary SQL commands via the item_id parameter. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable server with a crafted item_id parameter. This will allow the attacker to gain access to sensitive information such as user credentials.
A SQL injection vulnerability was discovered in WP Glossary, a WordPress plugin.
File: wp-content/plugins/wp-glossary/ajax.php
Exploit: id=-1; or 1=if
Exploitation:
http://localhost:80/wp-content/plugins/wp-glossary/ajax.php [GET][id=-1][CURRENT_USER()
http://localhost:80/wp-content/plugins/wp-glossary/ajax.php [GET][id=-1][SELECT (CASE WHEN ((SELECT super_priv FROM mysql.user WHERE user='None' LIMIT 0,1)='Y') THEN 1 ELSE 0 END)
http://localhost:80/wp-content/plugins/wp-glossary/ajax.php [GET][id=-1][MID((VERSION()),1,6)
ClassiPress is a popular and widely used classified ads software for WordPress. ClassiPress is vulnerable to multiple stored XSS vulnerabilities. Input through the POST parameters 'facebook_id' and 'twitter_id' in a registered user's profile page is either not sanitised or poorly sanitised (version specific), allowing the attacker to insert JavaScript code. In version 3.0.5.2 and presumably all previous versions, no sanitisation is in place, allowing an attacker to insert code within a tag or to break out of it. In version 3.1.4, the less-than character is sanitised, but an attacker can still insert quotes and place an event handler in the tag.
The SQL vulnerability is an injection vulnerability that can be exploited by sending a maliciously crafted HTTP request to the vulnerable application. The Blind SQL vulnerability is an injection vulnerability that can be exploited by sending a maliciously crafted HTTP request to the vulnerable application. The Persistent XSS vulnerability is an injection vulnerability that can be exploited by creating an account and putting malicious code in the inputs. The demo for this vulnerability is to create an account and look at the profile of the user with the ID 155.
Two vulnerabilities have been discovered in Vik Real Estate, a Joomla component. Both vulnerabilities are blind injections (boolean-based time-based blind & blind). The affected parameters are: contract and imm.