A vulnerability in vAuthenticate 3.0.1 allows an attacker to bypass authentication by setting the USERNAME and PASSWORD cookies to ' or ' and then using the login.php page. This is due to the vulnerable code in check.php, which does not properly sanitize user-supplied input before using it in an SQL query.
A SQL injection vulnerability exists in the WordPress Event Registration plugin version 5.4.3 and earlier. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary SQL commands on the underlying database.
The WordPress Advertizer plugin version 1.0 is vulnerable to SQL injection. This vulnerability is due to the lack of proper sanitization of user-supplied input in the 'id' parameter of the 'click_ads.php' script. An attacker can leverage this vulnerability to execute arbitrary SQL commands in the context of the web application.
The WordPress iCopyright(R) Article Tools plugin version 1.1.4 is vulnerable to a SQL injection attack. This is due to the lack of proper sanitization of user-supplied input in the 'id' parameter of the 'icopyright_xml.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable script. This can allow the attacker to gain access to sensitive information from the database.
A SQL injection vulnerability exists in the WordPress SH Slideshow plugin version 3.1.4 and earlier. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'ajax.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database.
Mini-stream Ripper 2.9.7.273 is vulnerable to a universal buffer overflow. The vulnerability is caused by a boundary error when handling .m3u files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted .m3u file with an overly long string. This may allow an attacker to execute arbitrary code.
This module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commands. LifeSize Room is an appliance, and thus the environment is limited, resulting in a small set of payload options.
MiniFTPServer suffers from a denial of service vulnerability: sending a large number of bytes after authentication results in a crash. A valid FTP command is not needed to exploit this issue.
A SQL injection vulnerability exists in the WordPress mySTAT plugin version 2.6 and earlier. The vulnerability is due to insufficient sanitization of user-supplied input in the 'd1' and 'd2' parameters of the 'mystat.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database.
A SQL injection vulnerability exists in the WordPress Profiles plugin version 2.0 RC1. The vulnerability is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability to inject arbitrary SQL commands into the application, allowing them to access, modify, or delete data from the application's back-end database.