An attacker can bypass the authentication process of webClassifieds™© 2005 by entering ' or '1=1 as the username and password.
After a successful login, a cookie named "logged_in" is set with the username as its content. An attacker can exploit this vulnerability by setting the cookie content to the username's password. The exploit code is javascript:document.cookie = "logged_in=admin_username; path=/" where admin_username is the nick of the administrator.
This exploit allows an attacker to upload a malicious file to the server, which can be used to gain access to the server.
A vulnerability in ForumApp V3.3 allows an attacker to remotely disclose the database of the application. This vulnerability is due to the application not properly validating user-supplied input. An attacker can exploit this vulnerability by sending a malicious request to the vulnerable application. Successful exploitation will result in the disclosure of the application's database.
A SQL injection vulnerability exists in the blog system of PHP-Fusion Mod TI. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability is due to insufficient sanitization of user-supplied input in the 'blog_id' parameter of the 'blog.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. This will allow the attacker to gain access to the database and execute arbitrary SQL commands.
After a successful login, a cookie named "username" is set with the username as its content. An attacker can exploit this vulnerability by setting the cookie to the administrator's username, allowing them to gain access to the admin panel.
AlstraSoft Web Email Script Enterprise (id) is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
FubarForum version 1.6 suffers from a remote SQL injection vulnerability. This vulnerability allows an attacker to inject arbitrary SQL code into the application. This can be exploited to gain access to the database and to execute arbitrary commands on the server.
A vulnerability exists in ChilkatSocket.DLL and ChilkatFTP.dll v3.0.0.2 which allows an attacker to create arbitrary files on the system. This is achieved by using the SaveLastError() method of the ChilkatSocket.DLL object. An attacker can use this vulnerability to create malicious files on the system.
DeluxeBB is vulnerable to a blind SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as user credentials. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'username' parameter of the 'misc.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to the database and extraction of sensitive information.