A vulnerability exists in Real Estate Portal v1.2, which allows an attacker to inject malicious SQL queries via the 'ad_id' parameter in the 're_send_email' module. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as usernames and passwords.
Nero ShowTime is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions. Nero ShowTime 5.0.15.0 is vulnerable, prior versions may also be affected.
A vulnerability exists in Goople Cms (1.7) which allows an attacker to upload arbitrary files on the server. An attacker can exploit this vulnerability by setting the 'loggedin' cookie to '1' and then uploading a malicious file on the server. The malicious file can be accessed at http://SITE/user/doc/FILE.
An attacker can exploit a SQL injection vulnerability in the PHP Classifieds Script to gain access to the admin panel. The attacker can access the datadump.sql file located in the admin/backup directory and read the admin name and password from the 'admin' table.
MODx CMS version 0.9.6.2 is vulnerable to Remote File Inclusion (RFI) and Cross-Site Scripting (XSS). An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The RFI vulnerability exists in the snippet.reflect.php file in the assets/snippets/reflect/ directory. The XSS vulnerability exists in the index.php file in the main directory. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server.
A Blind SQL Injection vulnerability exists in PG Job Site homepage.php. An attacker can send a specially crafted HTTP request to the vulnerable application in order to exploit this vulnerability. This can allow an attacker to gain access to the database and execute arbitrary SQL commands.
An attacker can bypass authentication by using the username 'real_admin_name' ' or ' 1=1 and the password ZoRLu. Generally, the admin username is 'admin' and the attacker can use the username 'admin' ' or ' 1=1-- and the password ZoRLu to bypass authentication.
An authentication bypass vulnerability exists in PG Real Estate Solution. An attacker can exploit this vulnerability by supplying a specially crafted username and password. The username should be the real admin name followed by ' or ' 1=1 and the password should be ZoRLu. Generally, the admin name is 'admin'. The exploit for demo is to login to http://www.realtysoft.pro/realestate/demo/admin/index.php with username 'admin ' or ' 1=1--' and password ZoRLu.
NetArtMedia Cars Portal is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow an attacker to gain access to the database and execute arbitrary SQL commands.
Logg youself like a normal user, and then go to: /win/content/upload.php and upload your php shell after go to: /user/doc/shell.php
Services By CQR