In simple words, an attacker can exploit the vulnerability by sending a malicious URL to the victim. The malicious URL contains a malicious script which is executed in the victim's browser. The malicious script can be used to steal sensitive information from the victim's browser or to execute malicious code on the victim's machine.
A vulnerability in the Business Turnkey Arcade Script (index.php id) allows an attacker to inject arbitrary SQL commands. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information or to manipulate data. The attacker can also use the vulnerability to gain access to the underlying file system and execute commands.
PageTree CMS version 0.0.2 BETA 0001 is vulnerable to Remote File Inclusion. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'GLOBALS[PT_Config][dir][data]' parameter in the 'admin/plugins/Online_Users/main.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system.
A vulnerability exists in Hotels Group software, where a remote attacker can inject arbitrary SQL commands via the HotelID parameter in hotel_habitaciones.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
A vulnerability in Star Articles 6.0 allows an attacker to upload a malicious file to the server. The attacker can exploit this vulnerability by registering for the website, logging in, editing their profile, clicking the ‘Browse’ button, selecting a malicious file, and uploading it. The attacker can then obtain the link to the malicious file by right-clicking on their profile photo and copying the link, and access the file by entering the link into their browser.
A remote SQL injection vulnerability exists in the Prince Comparison Script Shopping card. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information or to manipulate data. The vulnerable parameter is 'subcategory_id' which can be found in the URL http://willscript.com/rjbike_new/product.php?category_id=1&subcategory_id=[$qL].
This vulnerability is a Format String (wscanf) bug in i.Scribe smtp client v 1.88 to 2.00 beta. It allows an attacker to execute arbitrary code on the vulnerable system. The attacker must first enable the php_sockets.dll extension in php.ini or open a netcat listener on port 25. The attacker then connects to the vulnerable system using the i.Scribe smtp client and sends a malicious string containing the %n format specifier. This will cause the vulnerable system to write the address of the stack frame to the stack, allowing the attacker to overwrite the return address and execute arbitrary code.
The familyproject script version 2.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can be done by sending a specially crafted login and password to the application. For example, login: ' or 1=1 or 'r and pass: ' or 1=1 or 'r can be used to exploit this vulnerability.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'DisplayFormat' and 'Sort' parameters of the 'default.asp' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Additionally, the vulnerability can be exploited to disclose the 'o12con.mdb' database and to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
A vulnerability exists in stararticles which allows an attacker to inject SQL commands into a vulnerable web application and execute arbitrary queries in the back-end database. This can be exploited to manipulate the content of the database, disclose sensitive information, or even gain access to the underlying system.