It is possible to set the 'cms_language' value in order to view the /etc/passwd file.
A Blind SQL Injection vulnerability was discovered in the Merchantsadd.asp page of ASPReferral software from www.activewebsoftwares.com. An attacker can exploit this vulnerability to gain access to the database and execute malicious SQL queries.
The vulnerability is a Blind SQL Injection vulnerability which can be exploited by sending a crafted HTTP request with a malicious payload. The malicious payload can be sent in the form of a URL parameter, such as 'site.com/?Action=Cat&ID=40%20and%201=1 true' or 'site.com/?Action=Cat&ID=40%20and%201=0 false'. This can be exploited using automated tools such as sqlmap.
This exploit allows an attacker to gain access to the admin user of the CMS little application. The exploit is possible due to a vulnerability in the index.php file, which allows an attacker to inject malicious SQL code into the 'term' parameter. The exploit requires the magic_quotes_gpc to be set to off.
This exploit allows an attacker to retrieve the database configuration of All Club CMS <= 0.0.2. The exploit is done by sending a GET request to the accms.dat file. The attacker can then parse the response to get the database configuration.
The Web Calendar System v 3.22/3.40/3.05/3.23 is vulnerable to multiple exploits such as XSS, remote bypass exploit and remote SQL injection. An attacker can exploit these vulnerabilities by sending a malicious payload in the form of a POST request to the vulnerable website. The payload can be used to bypass authentication and gain access to the website. Additionally, an attacker can use the payload to inject malicious code into the website, which can be used to steal sensitive information such as cookies.
A vulnerability in Abysssec inc (abysssec.com) JSP allows attackers to execute arbitrary commands with administrator privileges. This is done by uploading a file with abysssec.jsp and executing the command. This vulnerability was discovered by abysssec.com.
A vulnerability exists in Booking Centre 2.01 which allows an attacker to bypass authentication by entering the username as 'admin' or '1'='1' and any password. This allows the attacker to gain access to the application.
Microsoft Communicator allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
A vulnerability exists in the Basic PHP CMS application due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'index.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database. This can be exploited to manipulate data, disclose sensitive information, and compromise the application and the underlying system.
Services By CQR