VirtueMart Google Base Component 1.1 is vulnerable to Remote File Inclusion because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to include arbitrary files from remote hosts and execute arbitrary code on the vulnerable system.
Multi Languages WebShop Online is vulnerable to SQL Injection and Cross-Site Scripting (XSS). An attacker can exploit these vulnerabilities to gain access to sensitive information such as usernames and passwords, or to execute malicious scripts in the user's browser.
TBmnetCMS v1.0 is vulnerable to local file inclusion. The vulnerability is due to the application not properly sanitizing user-supplied input to the 'content' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to view sensitive files on the server, such as the /etc/passwd file.
pppBlog version 0.3.11 and below is vulnerable to system file disclosure due to improper input validation. An attacker can exploit this vulnerability to read arbitrary files from the server. The vulnerable code is present in randompic.php at lines 66-72. The PoC for this vulnerability is randompic.php?files[0]=[file] and randompic.php?files[0]=../../../../../../../../../../etc/passwd. This exploit was tested on localhost with register_globals = On.
The MatPo Link 1.2b script is vulnerable to Blind SQL Injection and Cross-Site Scripting (XSS). An attacker can exploit these vulnerabilities by sending a maliciously crafted HTTP request to the vulnerable script. This can allow an attacker to gain access to sensitive information from the database or execute malicious scripts in the user's browser.
A vulnerability in Apoll version beta 0.7 allows an attacker to bypass authentication by providing a username of [real_admin_or_user_name] ' or ' 1=1 and leaving the password field empty. This exploit was discovered by ZoRLu in 2008 and was published on milw0rm.com.
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The attacker can inject malicious SQL queries in the vulnerable parameter and execute arbitrary SQL commands in the back-end database. This can be used to bypass authentication, access, modify and delete data within the database.
Acc PHP eMail v1.1 is vulnerable to insecure cookie handling. An attacker can inject arbitrary cookies into the application: setting the cookie NEWSLETTERLOGIN=admin gives access to the admin panel.
A vulnerability in AccStatistics v1.1 allows an attacker to gain administrative access by setting a cookie with the username_cookie parameter set to 'admin'.
A vulnerability exists in Acc Real Estate v4.0 which allows an attacker to inject malicious JavaScript code into the username_cookie parameter of the /admin/Index.php page. This can be exploited to gain administrative access to the application.