ASPired2poll is prone to a database disclosure vulnerability. An attacker can access the ASPired2poll.mdb database file, which contains sensitive information such as usernames and passwords.
PHP Support Tickets v2.2 is prone to a remote file-upload vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary PHP code and execute it in the context of the webserver process.
A remote SQL injection vulnerability exists in Banner Exchange Java, allowing an attacker to bypass authentication by sending the username and password as 'r0' or '1=1--'.
Feed CMS 1.07.03.19 Beta is prone to a local file inclusion vulnerability due to a lack of sanitization of user-supplied input to the 'lang' parameter in the 'index.php' script. An attacker can exploit this vulnerability to include arbitrary local files from the web server and execute arbitrary code.
The eZ Publish OS Commanding exploit is a zero-day exploit that allows an attacker to execute arbitrary OS commands on vulnerable eZ Publish 3.x versions. The exploit requires the attacker to have the login credentials of an existing admin on eZ Publish. The attacker can then use the exploit to send a malicious payload to the target eZ Publish admin interface and execute arbitrary OS commands.
MyCal Personal Events Calendar is prone to a database disclosure vulnerability because it fails to properly restrict access to the 'mycal.mdb' database file. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.
PhpAddEdit 1.3 is prone to a login bypass vulnerability. An attacker can bypass the authentication process by setting the 'addedit' cookie to the username of the admin. This can be done by using the following JavaScript code: javascript:document.cookie = 'addedit=[adminuser]; path=/';
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'editform' parameter to the '/addedit-render.php' script. A remote attacker can include a file from a remote server, cause a denial of service, access potentially sensitive information, or execute arbitrary code on the vulnerable system.
A SQL injection vulnerability exists in CF_FORUM, which allows an attacker to execute arbitrary SQL commands via the 'topicnbr' and 'categorynbr' parameters in the 'forummessages.cfm' script.
A Blind SQL Injection vulnerability exists in CFMBLOG. An attacker can send a specially crafted HTTP request to the vulnerable application in order to exploit this vulnerability. This can allow an attacker to gain access to the database and execute arbitrary SQL commands.