A vulnerability in the WEBBDOMAIN Quiz script allows an attacker to bypass authentication by entering 'admin' as the username and 'Hakxer' as the password.
A vulnerability in the WEBBDOMAIN Poll script allows an attacker to bypass authentication by entering the username 'admin' or '1=1' and the password 'Hakxer'. This allows the attacker to gain access to the admin panel.
A vulnerability in the WEBBDOMAIN Petition script allows an attacker to bypass authentication by entering 'admin' as the username and 'Hakxer' as the password.
CMS-School 2005 is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Vibro-School CMS (nID) is vulnerable to remote SQL injection. The vulnerability allows an attacker to inject malicious SQL code into the application, which can be used to gain access to the database and potentially to sensitive information. It exists because the application lacks proper input validation. An attacker can exploit it by sending a specially crafted HTTP request containing malicious SQL code.
Joomla Component ProDesk versions 1.0 and 1.2 are vulnerable to local file inclusion. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious 'include_file' parameter to the vulnerable application. This can allow an attacker to include arbitrary files from the web server, which can lead to remote code execution.
Discovered by StAkeR[at]hotmail[dot]it. The vulnerability allows an attacker to include local files on the server by using a null byte injection. Magic_Quotes_GPC must be off for the attack to be successful.
Vibro-CMS is prone to multiple remote SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit these issues to manipulate SQL queries, disclose sensitive information, modify data, and potentially compromise the application and the underlying database. The issues are present in the 'view_pagina.php', 'view_sub-pagina.php', and 'view_news.php' scripts.
post Card v 1.01: http://webbdomain.com/php/postcarden/choosecard.php?catid=-1002+union+select+concat(username,0x3a,password),2,3+from+admin--
post Card v 1.02: http://webbdomain.com/php/postcardir/choosecard.php?catid=-1002+union+select+concat(username,0x3a,password),2,3+from+admin--
com_ongumatimesheet20 version 4 Beta is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the mosConfig_absolute_path parameter. This can allow an attacker to execute arbitrary code on the vulnerable system.