The vulnerability exists due to insufficient sanitization of the variable $sfl_dirlocation, which contains the directory to be read. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. To look for a valid URL, just sniff the HTTP request sent from the module's JavaScript code once a directory is clicked.
JCE is an extension for Joomla! that provides a set of WYSIWYG editor tools that make the job of writing articles for your Joomla! site a little bit easier. A path traversal exists in the 'Image Manager', 'Media Manager', 'Template Manager' and 'File Manager' sections. Attackers can delete any file or upload files to all the directories of the server. Attackers can use an unsafe function called 'folderRename' to change an image type extension (.jpg, .gif, .png, etc.) to any extension, such as .htaccess or .php, in the 'Image Manager', 'Media Manager', 'Template Manager' and 'File Manager' sections.
Ferdows CMS is a complete, fully featured CMS written in ASP.NET that uses AJAX technology with MSSQL; it has become a powerful CMS with plenty of strong modules. This CMS is not open-source and is accessible for private use by the author company for designing their customers' websites. Injection flaws include blind SQL injection in the "siteid" parameter of "/about.aspx", "/archive.aspx" and "/default1.aspx". Cross-site scripting (XSS) includes a reflected XSS attack in the "dataid" parameter of "/showdata.aspx" (POST method).
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'img_header_id' parameter of the 'oqey_settings.php' script. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the application's database, cause denial of service or access sensitive data.
The WordPress Collision Testimonials plugin version 3.0 and below is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The crafted request contains a malicious SQL query in the 'id' parameter of the 'featQuote' parameter. This can allow an attacker to execute arbitrary SQL commands on the vulnerable server.
Free MP3 CD Ripper 1.1 is vulnerable to a local buffer overflow. By creating a malicious .wav file with a specially crafted payload, an attacker can overwrite the return address on the stack and execute arbitrary code. This exploit was tested on Windows XP SP3.
The WordPress MM Forms Community plugin version 1.2.3 is vulnerable to a SQL injection attack. This attack is possible when the magic_quotes setting is turned off. An attacker can exploit this vulnerability by sending a crafted HTTP request to the edit_details.php script with a malicious ID parameter. This will allow the attacker to execute arbitrary SQL commands on the underlying database.
This module exploits a vulnerability in the JCow Social Networking CMS. In affected versions (4.x: 4.2 and lower, 5.x: 5.2 and lower), authenticated members can trigger PHP code execution via the 'attachment' parameter.
Sunway Force Control SCADA httpsvr.exe is vulnerable to an SEH overwrite. This exploit was tested on Windows XP SP0 English and will probably work on XP SP3 if a non-SafeSEH DLL for the pop/pop/ret (p/p/r) pointer is found. The exploit uses a windows/exec CMD=calc.exe shellcode and a NOP sled to achieve code execution.
The WordPress Photoracer plugin version 1.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a crafted HTTP request to the viewimg.php script with a malicious 'id' parameter. This will allow the attacker to execute arbitrary SQL queries on the underlying database.