LightBlog 9.8 is vulnerable to multiple Local File Inclusion vulnerabilities. An attacker can exploit these vulnerabilities to include arbitrary local files on the affected system, which can lead to further attacks. The vulnerabilities exist due to insufficient sanitization of user-supplied input passed to the 'username' parameter in 'view_member.php', 'username_post' parameter in 'login.php' and 'Lightblog_username' cookie in 'check_user.php' scripts. An attacker can exploit these vulnerabilities by sending a specially crafted HTTP request containing directory traversal sequences and a URL-encoded NULL byte (%00) to the vulnerable scripts.
A vulnerability in Limbo CMS (Private Messaging Component) allows remote attackers to inject arbitrary SQL commands via the 'id' parameter in a 'index.php?option=pms&page=open' call. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to 'makale.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can be exploited to bypass authentication, gain access to sensitive data, modify data, etc.
A SQL injection vulnerability exists in the Joomla component ds-syndicate. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames, passwords, and emails. This is done by sending a specially crafted HTTP request to the vulnerable application containing malicious SQL statements in the 'feed_id' parameter.
e107 presents a vulnerability in userssettings.php (line 363-395), a POST array ($_POST['ue']) goes into an update query, it cleans the values of this array but not the keys name. As the return value of the update query isn't checked, an attacker can use a blind benchmark() method to exploit the vulnerability.
This exploit uses Blind SQL Injection in 'itemID' of rGallery to extract the password from the database. It uses a loop to iterate through the characters of the password and then prints the hash of the password.
This exploit allows an attacker to upload a malicious shell to the vulnerable Vivvo CMS server. The exploit is based on the vulnerability in the backup directory of the CMS, which allows an attacker to upload a malicious shell to the server.
BitTorrent 6.0.3 is vulnerable to a stack buffer overflow vulnerability when processing specially crafted .torrent files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
A Local File Include (LFI) vulnerability exists in yappa-ng Version 2.3.2. An attacker can exploit this vulnerability to include local files on the vulnerable system. This can be exploited to disclose sensitive information, execute arbitrary code, and perform other attacks.
Fast CLick SQL Lite version 1.1.7 is vulnerable to a Remote File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a maliciously crafted URL with the vulnerable parameter CFG[CDIR] set to an arbitrary file on the server. This allows an attacker to execute arbitrary code on the vulnerable server.