When a user visits the index.php page with a malicious SQL query, it is possible to inject malicious code into the database. Additionally, the uploader.php page can be used to upload malicious files, and the admin page can be bypassed to gain admin privileges.
A vulnerability exists in KTP Computer Customer Database CMS version 1, which allows an attacker to perform a blind SQL injection attack. The vulnerability is due to insufficient sanitization of user-supplied input in the 'tid' parameter of the 'vtech' action of the 'tech' module. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database, potentially resulting in the manipulation or disclosure of arbitrary data. Authentication is not required to exploit this vulnerability.
A vulnerability in KTP Computer Customer Database CMS version 1 allows for local file inclusion leading to remote command execution.
Active Business Directory v 2 is vulnerable to SQL injection, which allows an attacker to execute arbitrary SQL commands on the underlying database. By sending a specially crafted HTTP request to the vulnerable application, an attacker can exploit this vulnerability to gain access to sensitive information stored in the database.
A SQL injection vulnerability exists in Active timebilling, which allows an attacker to execute arbitrary SQL commands via the username and password parameters in the Account.asp page.
When the Remote Desktop Password Decoder in Cain imports a '.rdp' file that contains a long string (e.g. 8250 characters), the program crashes. This PoC overwrites the pointer to the next SEH record with '42424242' and the SE handler with '43434343'.
This exploit allows an attacker to reset the admin password of OpenForum 0.66 Beta by sending a POST request to the admin_users.php page with the new password in the parameters.
Active Bids, software developed by www.activewebsoftwares.com, is vulnerable to remote blind SQL injection. The vulnerability can be exploited by sending a maliciously crafted HTTP request to the vulnerable server, such as http://site.il/activebids/bidhistory.asp?ItemID=354%20and%201=1 and http://site.il/activebids/bidhistory.asp?ItemID=354%20and%201=0. An attacker can use this vulnerability to gain access to sensitive information stored in the database, such as usernames and passwords.
A Blind SQL Injection vulnerability was discovered in ActiveVotes v 2.2, which is a web-based voting system developed by www.activewebsoftwares.com. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
Oramon is vulnerable to a configuration file download bypass. This vulnerability allows an attacker to download the configuration file of the application, which contains the database username and password. It is due to the application not properly validating user-supplied input. An attacker can exploit this vulnerability by directly requesting the configuration file.