Explore Vulnerabilities

Explore all Exploits:

JEEMA SMS 3.2 Component Joomla Multiple Vulnerabilities

JEEMA SMS is a Joomla 1.5 component that is installed inside Joomla. Its main purpose is to let you configure any HTTP SMS API and start sending SMS. The component can be used as a reseller account. A user must register before using it. SQL injection can be exploited by sending a malicious POST request to the vulnerable URL. Blind SQL injection can be exploited by sending a malicious POST request to the vulnerable URL. Message transfer credit can be exploited by sending a malicious POST request to the vulnerable URL.

Barter Sites 1.3 Component Joomla SQL Injection & Persistent XSS vulnerabilities

Two vulnerabilities were discovered: SQL injection in the category_id parameter and XSS in several places. The SQL injection can be exploited by passing malicious SQL code in the category_id parameter. The XSS can be exploited by posting malicious code in the Listing Title field when creating a new listing or in the Search field when searching for listings. The XSS can be viewed without being registered.

PHP Photo Album <= (0.4.1.16) Multiple Disclosure Vulnerabilities

PHP Photo Album version 0.4.1.16 is vulnerable to multiple disclosure vulnerabilities, including Cross Site Scripting (XSS) and Local File Disclosure (LFD). An attacker can exploit these vulnerabilities to gain access to sensitive information, execute arbitrary code, and inject malicious code into the application.

GFI Faxmaker Fax Viewer v10.0[build 237] DoS (Poc)

GFI FaxMaker is a market-leading fax server software for Exchange Server, Lotus Domino, SMTP/POP3, which makes sending and receiving faxes an efficient, simple and cheaper process. An integer division-by-zero error is triggered when opening the fax file, leading to a denial of service.

WordPress wptouch plugin SQL Injection Vulnerability

A SQL Injection vulnerability was discovered in the WordPress wptouch plugin. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the ajax.php file. This can allow the attacker to execute arbitrary SQL commands on the underlying database.

GTA SA-MP server.cfg Buffer Overflow

This module exploits a stack-based buffer overflow in GTA SA-MP Server. This buffer overflow occurs when the application attempts to open a malformed server.cfg file. To exploit this vulnerability, an attacker must send the victim a server.cfg file and have them run samp-server.exe.

phpScheduleIt PHP reserve.php start_date Parameter Arbitrary Code Injection

This module exploits an arbitrary PHP code execution flaw in the phpScheduleIt software. This vulnerability is only exploitable when the magic_quotes_gpc PHP option is 'off'. Authentication is not required to exploit the bug. Version 1.2.10 and earlier of phpScheduleIt are affected.

eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities

The first vulnerable code is located in /www/editor/tiny_mce/plugins/save_template/save_template.php. Input passed through $_POST['templateName'] and $_POST['templateContent'] isn't sanitized before being used in a call to file_put_contents() at line 17; this can be exploited to write arbitrary PHP code to a file with a .php extension, even if magic_quotes_gpc = on. The second is located in /libraries/filesystem.class.php. Input passed through $name isn't properly sanitized before being used in a call to strrpos() at line 3146; this can be exploited to upload arbitrary files with multiple extensions. The third is located in /www/index.php. Input passed through $_GET['message'] isn't properly sanitized before being used in a call to assign() at line 10; this can be exploited to inject arbitrary HTML and script code in the application.

Recent Exploits: