MyCard script version 1.0.2 is vulnerable to SQL injection due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'gallery.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable script. This will allow the attacker to gain access to the database and extract sensitive information such as usernames and passwords.
PlugSpace v0.1 is prone to a local file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to view sensitive files on the affected computer. This may lead to further attacks.
LnBlog is a cross-platform, file-based weblog/mini-CMS. A vulnerability exists in the showblog.php file of LnBlog version 0.9.0 that allows an attacker to include arbitrary local files via the 'plugin' parameter. This can be exploited to disclose sensitive information, such as the /etc/passwd file.
The 'LoadXmlEmail()' function in ChilkatMail_v7_9.dll allows us to execute a file, which leads to a DoS in IE. Tested on IE 6, Win XP SP2.
The header.php.dist file exists and has to be renamed to header.php as given in the instructions. The vulnerability lies in line 201 of the header.php file, which includes the $sections_file variable without any sanitization.
E-Uploader Pro version 1.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL queries to the vulnerable application. The application is vulnerable to union-based, error-based and blind SQL injection. The injection is reachable through both GET and POST requests, and by both authenticated and unauthenticated users.
Joovili version 3.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by appending malicious SQL queries to the vulnerable URL parameters. This can allow an attacker to gain access to sensitive information such as usernames and passwords stored in the database.
After registering, a user can upload PHP files, which can be accessed by changing the username in the exploit section.
Vbgooglemap Hotspot Edition 1.0.3 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains malicious SQL statements that are executed in the backend database. This can allow an attacker to gain access to sensitive information such as usernames and passwords stored in the database.
X7 Chat version 2.0.5.1 is vulnerable to a Local File Inclusion vulnerability. This vulnerability is due to the application failing to properly sanitize user-supplied input to the 'help_file' parameter of the 'help/mini.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters to the vulnerable script. This can allow the attacker to include arbitrary local files from the web server, resulting in the disclosure of sensitive information.