An attacker can exploit a SQL injection vulnerability in Injader CMS 2.1.1 by sending a specially crafted HTTP request to the vulnerable server. The vulnerable parameter is 'id' in the 'feeds.php' script. The attacker can use the UNION operator to extract data from the database. The attacker can also use the CONCAT() function to extract the username and password from the 'maj_users' table.
ESET Smart Security is a security suite for the Windows platform. It includes an antivirus, antispyware, anti-spam and personal firewall. The ESET Personal Firewall driver (epfw.sys) is vulnerable to a local privilege escalation attack. The vulnerability is caused by a lack of proper validation of user-supplied data, which can be exploited by local attackers to gain elevated privileges.
The vulnerability exists because some files can be accessed directly, bypassing the application's normal logic. This makes it possible to override internal variables that are passed as arguments to the include() function. Exploitation requires the following PHP settings: register_globals=On and magic_quotes_gpc=Off. The application does not validate user-supplied variables anywhere, which allows SQL injection and cross-site scripting.
I-Rater Basic is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. This can allow the attacker to gain access to the database and extract sensitive information such as usernames and passwords.
2532|Gigs 1.2.2 Stable Remote Command Execution Exploit is an exploit that allows an attacker to execute arbitrary commands on a vulnerable system. The exploit works regardless of the php.ini settings. The exploit is triggered by sending a specially crafted POST request to the calcss_edit.php file. The POST request contains a payload that is written to the calendar.css file, which is then executed by the vulnerable system.
A vulnerability exists in Gigs 1.2.2 Stable, which allows an attacker to bypass authentication by sending a specially crafted request to the vulnerable application. This is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability to gain unauthorized access to the application.
2532|Gigs v1.2 Stable is vulnerable to Local File Inclusion and Remote File Upload. The vulnerable files are settings.php, deleteuser.php, mini_calendar.php, manage_venues.php and manage_gigs.php. The Local File Inclusion vulnerability can be exploited by passing a malicious file in the language parameter. The Remote File Upload vulnerability can be exploited by uploading a malicious file. The script does not check the file extension before upload.
Create a file called name.php and fill it with GIF89aP;[shell], save and upload it.
A vulnerability in QuickerSite Easy CMS allows an attacker to access the database file QuickerSite.mdb, which contains sensitive information such as usernames and passwords.
This exploit is used to gain access to the Lizardware CMS version 0.6.0 and below. It uses a blind SQL injection vulnerability to gain access to the user table in the database. The exploit takes three parameters: the domain, the table prefix, and the user ID. It then uses a loop to iterate through the characters of the user's password, sending a request for each character. If the response time is greater than 6 seconds, the character is added to the password string.