Explore Vulnerabilities

Explore all Exploits:

PHP-Fusion <= 7.00.2 Remote Blind SQL Injection Exploit

This exploit is based on a vulnerability in PHP-Fusion version 7.00.2 that allows an attacker to inject malicious SQL commands into the application. It is a blind SQL injection, which means that the attacker cannot see the output of the SQL query but can determine it by sending different SQL queries and analyzing the application's responses.

Joomla Component com_liveticker(tid) Blind SQL-injection

A Blind SQL injection vulnerability exists in Joomla Component com_liveticker(tid). An attacker can send a malicious SQL query to the vulnerable parameter 'tid' in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate SQL queries and disclose the contents of the database.

Joomla Component com_ice(catid) Blind SQL-injection

Joomla Component com_ice(catid) is vulnerable to Blind SQL injection. An attacker can inject malicious SQL code in the 'catid' parameter of the vulnerable component. This can be exploited to gain access to the database and extract sensitive information such as usernames and passwords.

BulletProof FTP Client Local Heap Overflow (PoC)

A local heap overflow vulnerability exists in BulletProof FTP Client v2.63 (Build 56). An attacker can exploit this vulnerability by sending a specially crafted FTP request containing 1000 'A' characters. This will cause a heap overflow and overwrite the EIP register, allowing the attacker to execute arbitrary code.

ILIAS Learning Management <= 3.7.4 - SQL Injection Vulnerability

The GET parameter 'ref_id' in 'repository.php' contains a Blind SQL Injection vulnerability. User table: usr_data. Important columns: usr_id, login, passwd. Example: http://www.site.com/repository.php?cmd=frameset&ref_id=1+and+ascii(substring((select+passwd+from+usr_data+limit+0,1),1,1))>50--

Joomla Component com_allhotels (id) Blind SQL Injection Vulnerability

A Blind SQL Injection vulnerability exists in the Joomla Component com_allhotels (id) which allows an attacker to inject malicious SQL queries into the application. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'id' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to the database and, potentially, to sensitive information.

Joomla Component com_lowcosthotels (id) Blind SQL Injection Vulnerability

A Blind SQL Injection vulnerability exists in the Joomla Component com_lowcosthotels (id) which allows an attacker to execute arbitrary SQL commands on the underlying database. This can be exploited to gain access to sensitive information such as usernames and passwords.

Google Chrome Browser (ChromeHTML://) remote parameter injection POC

A proof-of-concept exploit for the Google Chrome Browser (ChromeHTML://) remote parameter injection was released on 2008-12-23 by Nine:Situations:Group::bellick&strawdog and hosted on the website http://retrogod.altervista.org/. It was tested against Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, and Microsoft Windows XP SP3.

Recent Exploits: