A vulnerability in Real Estate Listings allows an attacker to bypass the authentication process and gain access to the admin panel.
The Drinks Script is vulnerable to a SQL injection attack. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains malicious SQL statements that are executed in the backend database. This can allow an attacker to gain access to sensitive information such as usernames and passwords.
Pre Job Board Pro (id) is vulnerable to a remote admin bypass vulnerability. This vulnerability allows an attacker to gain access to the admin panel without authentication. This is due to a lack of authentication check in the admin panel. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application.
A vulnerability exists in Pre Simple CMS which allows an attacker to bypass authentication by entering the username 'admin' and the password 'or 1=1' into the login form. This allows the attacker to gain access to the administrative panel of the CMS.
A SQL injection vulnerability exists in PHP Auto Listings Script. An attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in application's database.
A remote file inclusion vulnerability exists in com_dadamail version 2.6. The vulnerable file is administrator/components/com_dadamail/config.dadamail.php, which includes the file default.php from the same directory. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing an arbitrary file from a remote host.
As reported in the project website, "PTK is an alternative advanced interface for the suite TSK (The Sleuth Kit). [...] PTK is not just a new graphic and highly professional interface based on Ajax technology but offers a great deal of features like analysis, search and management of complex cases of digital investigation". PTK is included within the SANS Investigative Forensic Toolkit (SIFT) Workstation. This application is vulnerable to multiple input validation attacks. The possibility to exploit these findings introduces several malicious scenarios. For instance, a criminal may abuse this specific vulnerability to modify the evidence of the crime, compromising the digital investigation workstation. Even if the original evidence should be accessed only in read-only mode, using also hardware write blockers according to forensic best practices, several malicious scenarios are possible with just the alteration of the working copy image. Additionally, a payload could be crafted to hide, or alter, just the information presented to the analyst, something which would not be evident unless the same image is analyzed with a tool not vulnerable to the attack. In our research, we have developed a reliable Proof-of-Concept in order to exfiltrate data from the system.
Pre Classified Listings PHP version is vulnerable to insecure cookie handling. An attacker can exploit this vulnerability by setting the adminname and adminid cookie values to admin. This will allow the attacker to gain access to the admin panel.
Pre Multi-Vendor Shopping Malls is vulnerable to insecure cookie handling and SQL injection. An attacker can inject malicious code into the cookie and gain access to the admin panel. An attacker can also inject malicious SQL code into the buyer_detail.php page to gain access to the admin credentials.
An attacker can inject malicious code into the cookie of the admin panel of the PRE SHOPPING MALL website. This can be done by using the javascript code: document.cookie = "adminname=admin" and document.cookie = "adminid=admin".
Services By CQR