Information disclosure which includes absolute system paths, os flavour, application configuration information and other installed application versions. The vulnerability can be triggered by appending 'phpThumbDebug=' and any number from 0 to 10 to any phpThumb.php request.
The vulnerability exists due to failure in the 'adm/admin_edit.php' script to properly verify the source of HTTP request. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data. The vulnerability exists due to failure in the 'add_story.php', 'editprofile.php', 'adm/content_add.php', 'adm/admin_edit.php' scripts to properly sanitize user-supplied input in 'story_url', 'email', 'title', 'username' variables. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.
Unauthenticated users with access to the management web interface of certain ZyXEL ZyWALL USG appliances can download and upload configuration files, that are applied automatically.
dhtml-menu-builder is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
A command injection vulnerability in Time and Expense Management System can be exploited to execute arbitrary operating system commands.
A cross-site request forgery vulnerability in Front Accounting 2.3.4 can be exploited to create a new admin.
The Horizon Solutions website is vulnerable to union based SQL injection. Both the 'uid' and 'men' parameters are vulnerable. An example of an encoded URL exploit is '/fshow.php?uid=HORIZON3&men=-4649%27%20UNION%20ALL%20SELECT%20CONCAT%28CHAR%2858%2C119%2C117%2C97%2C58%29%2CIFNULL%28CAST%28version%28%29%20AS%20CHAR%29%2CCHAR%2832%29%29%2CCHAR%2858%2C99%2C105%2C99%2C58%29%29%23%20'. An example of an un-encoded URL exploit is 'GET /fshow.php?uid=HORIZON3&men=-4649' UNION ALL SELECT CONCAT(CHAR(58,119,117,97,58),IFNULL(CAST(version() AS CHAR),CHAR(32)),CHAR(58,99,105,99,58))# HTTP/1.1'. The query answer is '5.1.55-log:cic:'.
Travel411 is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to sensitive information from the database. The attacker can send malicious SQL queries to the database, which can be used to bypass authentication, retrieve, modify or delete data from the database.
Exponent CMS 2.0 Beta 1.1 is vulnerable to Cross-Site Request Forgery (CSRF) which allows an attacker to add an administrator account without any authentication. This vulnerability can be exploited by tricking an authenticated user into clicking a malicious link or visiting a malicious website.
An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The attacker can use the 'mpfn=pdview&id' parameter to inject malicious SQL code into the application. The attacker can use the 'union select' statement to extract data from the database. The attacker can also use the 'group_concat' statement to concatenate the data from the database.
Services By CQR