Explore all Exploits:

Liberum Help Desk (SQL/DD) Multiple Remote Vulnerabilities

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'uid' parameter of the 'forgotpass.asp' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. Also, the application discloses the database file 'helpdesk2000.mdb' which contains sensitive information.

Realtek Sound Manager (rtlrack.exe v. 1.15.0.0) PlayList Buffer Overflow

Realtek Sound Manager (rtlrack.exe v. 1.15.0.0) is vulnerable to a buffer overflow attack. By sending a specially crafted playlist file, an attacker can overwrite the EIP register and execute arbitrary code. This vulnerability affects Windows XP Pro SP3 Ita.

Free Links Directory Script V1.2a Remote SQL Injection Exploit

This exploit allows an attacker to obtain the administrator's username and password in Free Links Directory Script V1.2a. The vulnerability exists because the 'report.php' script does not validate input, which allows an attacker to inject SQL code into the 'linkid' parameter. The exploit sends a specially crafted HTTP request whose 'Cookie' header contains the value 'logged=d0ml4bs', with the SQL code injected into the 'linkid' parameter.

Web Wiz Guestbook v8.21 (WWGguestbook.mdb) Remote Database Disclosure Vulnerability

A vulnerability in Web Wiz Guestbook v8.21 allows an attacker to remotely access the WWGguestbook.mdb database. This can be done by accessing the URL http://site.com/[Path]/database/WWGguestbook.mdb. The vulnerability can be found by using the dork webwizguestbook_license.asp.

ZAC003

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to the '/download.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to gain access to sensitive information from the database, modify data, or exploit further vulnerabilities in the underlying SQL server.

Click&Rank

The Click&Rank application is vulnerable to SQL Injection, Authentication Bypass and Cross Site Scripting. An attacker can exploit these vulnerabilities by sending malicious input to the application. For SQL Injection, the affected pages are hitcounter.asp, user_delete.asp and user_update.asp. For Authentication Bypass, an attacker can supply ' or '1'='1 as both the username and the password. For Cross Site Scripting, the affected page is user.asp.

ClickAndEmaiL

The ClickAndEmaiL application is vulnerable to SQL Injection, Authentication Bypass and Cross Site Scripting. An attacker can exploit the SQL Injection vulnerability by sending a crafted URL to the application. The Authentication Bypass vulnerability can be exploited by sending a crafted username and password. The Cross Site Scripting vulnerability can be exploited by sending a crafted URL to the application.

cfagcms Beta 1 sql inj.

An attacker can exploit a SQL injection vulnerability in cfagcms Beta 1 to gain access to sensitive information such as user credentials, database name, and version. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'title' parameter of the 'right.php' script, and is exploited by sending a specially crafted HTTP request containing malicious SQL statements to that script.

Recent Exploits: