Explore Vulnerabilities

Explore all Exploits:

PRE PODCAST PORTAL (Tour.php id) SQL Injection Vulnerability

A SQL injection vulnerability exists in PRE PODCAST PORTAL, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in Tour.php. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords from the database.

phpBB Mod Small ShoutBox 1.4 Remote Edit/Delete Messages Vuln

A vulnerability exists in phpBB Mod Small ShoutBox 1.4 which allows an attacker to remotely execute code. This is due to the application not properly sanitizing user-supplied input to the 'id' parameter in the 'shoutbox_view.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing an SQL query to the vulnerable script. This can allow the attacker to delete or edit messages, as well as perform a blind SQL injection attack.

Adobe Reader ‘util.printf()’ JavaScript Function Stack Buffer Overflow Exploit

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the util.printf() JavaScript function. This function does not properly validate the length of user-supplied data before copying it to a fixed-length stack buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the user.

SMF 1.1.6 Remote Code Execution Exploit

SMF suffers from multiple vulnerabilities. Combining some of them, we can obtain remote code execution on the remote host. The admin is supposed to go to this URL http://[website]/SMF/index.php?action=packages;sa=install2;package=[filename] (1) and since $_REQUEST['package'] is not checked, we can install any package we want, even a malicious one.

Way Of The Warrior <= 5.0 Local/Remote File Inclusion Vulnerability

Way Of The Warrior is vulnerable to Local/Remote File Inclusion. The vulnerability is due to the 'plancia' parameter in the 'visualizza.php' and 'crea.php' scripts not being properly sanitized before being used to include files. This can be exploited to include arbitrary files from local and remote resources by passing a URL as a parameter.

Tours Manager v1 (cityview.php cityid) SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can be done by appending malicious SQL statements to the vulnerable parameter that is passed to the application. This can allow an attacker to gain access to the database and potentially gain access to sensitive information.

Recent Exploits: