A SQL injection vulnerability exists in Pixel8 Web Photo Album v3.0. An attacker can send a malicious HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. By injecting arbitrary SQL code into the vulnerable parameter, an attacker can manipulate SQL queries and disclose the content of the back-end database.
The Vacation Estate Listing Blind SQL Injection vulnerability allows an attacker to inject malicious SQL queries into the vulnerable application. This can be done by manipulating the 'editid1' parameter of the 'properties_view.php' page. An attacker can use the substring() function to check the version of the database server. For example, 'properties_view.php?editid1=2 and substring(@@version,1,1)=4' and 'properties_view.php?editid1=2 and substring(@@version,1,1)=5' can be used to check the version of the database server.
CMScout 2.06 is vulnerable to both Remote SQL Injection and Local File Inclusion. For Remote SQL Injection, an attacker must be logged in as a normal user and add a download. For Local File Inclusion, vulnerable code in admin.php and index.php can be exploited.
A vulnerability exists in Flexphpic 0.0.4 & Flexphpic Pro 0.0.3 due to improper sanitization of user-supplied input in the 'username' and 'password' parameters of the 'usercheck.php' script. An attacker can exploit this vulnerability to inject arbitrary SQL code into the application, allowing them to bypass authentication and gain access to the application.
The vulnerability exists due to insufficient sanitization of user-supplied input in the '$checkuser' and '$checkpass' parameters in the '/[path]/admin/usercheek.php' script. This can be exploited to bypass the authentication process and gain access to the administrative panel. Additionally, the 'install.php' script can be used to inject arbitrary PHP code into a .php file.
A malicious attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The attacker can inject malicious SQL queries into the vulnerable parameter and execute arbitrary SQL commands in the database. This can be used to bypass authentication and to access, modify, or delete data in the back-end database.
An attacker can bypass authentication by uploading a malicious file to the server using the vulnerable file upload feature. The attacker can then execute arbitrary code on the server by accessing the malicious file.
eDNews v2 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. This issue affects version 2; other versions may also be vulnerable.
The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.
This exploit opens port 4444. Thanks to Metasploit for the shellcode.