A SQL injection vulnerability exists in DmxReady Bilboard v1.2. An attacker can send a malicious SQL query to the vulnerable parameter 'ItemID' in the 'update.asp' script, which can be used to extract sensitive information from the database.
A SQL injection vulnerability exists in DmxReady Faqs Manager v1.2. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.
A SQL injection vulnerability exists in DmxReady Contact Us Manager v1.2. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate or disclose sensitive information in the database, or to gain access to the application.
A vulnerability exists in DMXReady Registration Manager v1.2 which allows an attacker to inject arbitrary SQL commands via the 'MemberID' parameter in the 'update.asp' script.
The phpDealerLocator software is vulnerable to multiple SQL injection vulnerabilities. An attacker can exploit these vulnerabilities by sending maliciously crafted requests to the vulnerable parameters. For example, an attacker can send a request to the Dealer_ID parameter of record.php with the following payload: http://www.example.com/Locator/record.php?Dealer_ID=00000026 union all select 1,2,3,4,5,group_concat(Users_Name,0x3a,Users_Password,0x0a),7,8 FROM users--, which will allow the attacker to extract the usernames and passwords of all users in the database.
This module triggers a denial-of-service condition in the Microsoft Internet Information Services (IIS) FTP Server 5.0 through 7.0 via a list (ls) -R command containing a wildcard. For this exploit to work in most cases, you need 1) a valid FTP account, either read-only or with write access; 2) the 'FTP Publishing' service configured as 'manual' mode in startup type; and 3) at least one directory under the FTP root directory. If the FTP account you provide has write access and there is no directory at all, a new directory with a random name will be created before the exploit payload is sent.
A SQL injection vulnerability exists in DmxReady News Manager v1.2. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to the application database and potentially compromise the application and the underlying system.
This is the exploit written for Abysssec 'The Arashi' article. It gracefully bypasses DEP/ASLR (not the sandbox) in Adobe Reader X, and is named 'Tatsumaki DEP/ASRL Bypass'. It works reliably on IE9/FF4 and other browsers.
A SQL injection vulnerability exists in DmxReady Catalog Manager v1.2. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
Donar Player 2.8.0 is vulnerable to a denial-of-service attack: the application crashes when a specially crafted .wma file is opened and played.