The 'key' parameter in openEngine 2.0 is prone to a Blind SQL Injection. Technical details include database information, Blind SQL Injection, and User-Guessing.
If the application is configured using the default directory structure and an Access database, then a user can download the Access database. First reset your own password via the 'Registration' link. This now takes you to a new page where you can select the 'Edit my info' link. Change the above GET URI to member_id=1& and refresh. Now by modifying the following variables in the POST data you can reset the admin password with the password you entered into the appropriate field to gain full admin rights to the web application.
AmmSoft's ScriptFTP client is susceptible to a remote buffer overflow vulnerability that is triggered when processing a sufficiently long filename during an FTP LIST command, resulting in the exception handler being overwritten. Socially engineering a user into double-clicking a specially crafted ftp file results in a connection to our malicious server and arbitrary code execution, which allows the attacker to gain the same rights as the user running ScriptFTP.
A SQL injection vulnerability exists in Joomla Component Time Returns (com_timereturns) version 2.0 or lower. An attacker can exploit this vulnerability to inject malicious SQL queries into the application, allowing them to bypass authentication, access, modify and delete data in the back-end database.
An attacker can read sensitive files through the l-parameter by exploiting vulnerable code at line 7 of gbook_setcookie.php.
This module exploits an arbitrary command execution vulnerability in the Spreecommerce search. Unvalidated input is called via the Ruby send method allowing command execution.
The EFront Community Edition version 3.6.9 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a crafted request to the vulnerable application. The vulnerable requests are: www/student.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --, www/professor.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --, www/admin.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to the '/url-shortener-script/show.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to read, modify or delete arbitrary data in the database.
This exploit is for the Opera 10/11 (bad nesting with frameset tag) memory corruption vulnerability. It was coded on 2010-09-23 and last revised on 2011-09-30. It was tested on v10.xx (v10.00, v10.01, v10.10, v10.50, v10.51, v10.52, v10.53, v10.54, v10.6, v10.61, v10.62 and v10.63) and v11.xx < v11.11 (v11.00, v11.01 and v11.10). It is patched in v11.11. It can cause RCE on v10.00, v10.50, v10.51, v10.52, v10.54, v10.60, v10.62, v11.00, v11.01 and v11.10* and DoS on v10.01, v10.10, v10.53, v10.61 and v10.63. It was coded by Jose A. Vazquez of http://spa-s3c.blogspot.com, with greets to Ruben, Sinn3r, Metasploit Team, Corelan Team, etc.
The vulnerability exists in the show.php file, where an attacker can inject malicious SQL queries via the 'cid' and 'page' parameters. An attacker can exploit this vulnerability to gain access to sensitive information from the database.