The WordPress SermonBrowser Plugin 0.43 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information from the database. This vulnerability is due to the lack of proper sanitization of user-supplied input in the 'sermon_id' parameter of the 'sermon.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information from the database.
A local file inclusion vulnerability in OrangeHRM 2.6.3 can be exploited to include arbitrary files.
A SQL injection vulnerability in mySeatXT 0.1781 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
This module exploits a stack-based buffer overflow vulnerability in version 3.0 of ediSys Corp.'s eZip Wizard. In order for the command to be executed, an attacker must convince someone to open a specially crafted zip file with eZip Wizard, and access the specially file via double-clicking it. By doing so, an attacker can execute arbitrary code as the victim user.
SoftMP3 released a source code of its bittorent tracker when it died. This source code is vulnerable to a SQL injection. The PoC involves sending a malicious SQL query to the minbrowse.php file, which can be used to extract user information from the database. The Fix involves deleting the minbrowse.php file and changing the cookie encryption in bittorent.php file.
The vulnerability exists due to failure in the "/wp-content/plugins/ajax-category-dropdown/includes/dhat-ajax-cat-dropdown-request.php" script to properly sanitize user-supplied input. Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database. User can execute arbitrary JavaScript code in the browser of other users.
The vulnerability exists in Realmarketing CMS System, which allows an attacker to inject malicious SQL queries via the vulnerable parameters such as 'id', 'content' and 'portalID'. An attacker can exploit this vulnerability to gain access to sensitive information from the database.
The vulnerability exists due to failure in the "includes/page_header.php" script, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentiall sensitive information.
A SQL injection vulnerability in Web2Project 2.3 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
Zenphoto is vulnerable to persistent XSS due to failure to sanitize the 'x-forwarded-for' HTTP header in security logs before being displayed in 'zp-core/admin-logs.php'. This could allow a remote attacker to inject malicious HTML code by altering the 'x-forwarded-for' HTTP header using either an intercepting proxy or manual requests in security logs and attack any user with sufficient privilege to access 'Security-logs', usually appliaction administrators.
Services By CQR