OpenCart 1.4.9 is vulnerable to multiple LFI vulnerabilities. An attacker can exploit these vulnerabilities by sending a crafted HTTP request containing malicious input to the vulnerable application. This can allow the attacker to read arbitrary files on the server.
An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable parameter size_id in the image.php file. The crafted query will allow the attacker to extract information from the database.
A SQL injection vulnerability exists in Rash CMS due to improper sanitization of user-supplied input in the 'reciver' parameter of the 'contact-config.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable script. This can allow the attacker to execute arbitrary SQL commands on the underlying database.
Advanced Image Hosting v2.2 is vulnerable to SQL injection. The vulnerable variables are the POST variables: gallery_id, showlinks, gal, id, type, email, emaillinks, allbox, and pages, as well as the GET variable. An attacker can exploit this vulnerability by sending malicious SQL queries to the application.
Anzeigenmarkt 2011 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
A SQL injection vulnerability was discovered in ilch clan 1.0.5 (a, b, c, d, e, f) in regist.php, which allows attackers to bypass the registration process. The vulnerability is caused by improper validation of user-supplied input in the $_POST parameter. An attacker can exploit this vulnerability to gain access to the application without registering.
The vulnerability exists due to the failure of the user-editing script to properly verify the source of the HTTP request. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data. An attacker can use a browser to exploit this vulnerability.
A user can execute arbitrary JavaScript code within the vulnerable application. The vulnerability exists due to the failure of the 'actions/add.php' script to properly sanitize user-supplied input in the 'subject' variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data.
A Cross-Site Request Forgery (XSRF) vulnerability exists in Super Multimedia Library 2.5.0, which allows an attacker to add an admin user to the system. An attacker can craft a malicious HTML form and submit it to the vulnerable application, which will add the specified user to the system without any authentication.
A buffer overflow vulnerability was found in Real Player 14.0.2.633 which can be exploited to cause a denial of service. A specially crafted AVI file can cause a buffer overflow when opened with Real Player, resulting in a denial of service.