Explore Vulnerabilities

Explore all Exploits:

Pilot Online Training Solution Remote SQL Injection Vulnerability

A vulnerability exists in Pilot Online Training Solution which allows an attacker to inject arbitrary SQL commands. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow an attacker to gain access to sensitive information stored in the database, modify data, or execute system-level commands.

SQL Injection in Pro Chat Rooms

Two exploits were found in Pro Chat Rooms version 3.0.3. The first exploit is a SQL injection vulnerability in the index.php file, which can be exploited by sending a specially crafted HTTP request to the vulnerable application. The second exploit is a SQL injection vulnerability in the admin.php file, which can be exploited by sending a specially crafted HTTP request to the vulnerable application.

Google Chrome Window Object Suppressing Remote Denial of Service

The Google Chrome browser is vulnerable to a window-object-based denial-of-service attack. Google Chrome fails to perform a check when the window.close() function is called in body upload. The function is called in a suppressed manner and kills the parent window directly by default, which makes the browser vulnerable to a denial-of-service attack. This diversifies the attack pattern, as a number of events can execute this function without a security check that prompts the user to allow the event to trigger. This security issue is the result of a design flaw in the browser, as the function shows stringent behavior in many cases. Scripts must not close windows that were not opened by script, if script-specific code is designed. There must be a parent window confirmation check prior to closing the window.

ZEELYRICS v2.0 (bannerclick.php adid) Remote SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can allow the attacker to execute arbitrary SQL commands on the underlying database, potentially allowing the attacker to access sensitive information.

Yoxel <= 1.23beta PHP code Injection Vulnerability

Yoxel is a hidden gem. This Open Source project provides customer/business focused Agile Product Management tools in PHP. The vulnerability exists in the itpm_estimate.php and estimate_inc.php files. An attacker can inject malicious code into the eval() function in these files, allowing them to execute arbitrary code on the server. This vulnerability does not work if the attacker is not logged in to Yoxel.

PowerPortal 2 Local Directory Traversal Vulnerability

PowerPortal 2 is prone to a local directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to view arbitrary files from the underlying file system, potentially resulting in the disclosure of sensitive information. This issue affects version 2.0.0.0; other versions may also be vulnerable.

Recent Exploits: