Libra File Manager is vulnerable to an insecure cookie handling vulnerability. An attacker can exploit this vulnerability by setting the user and pass cookie values to 1. This will allow the attacker to bypass authentication and gain access to the application.
A vulnerability exists in the view.php file of the 212cafe Board application, version 0.07, which allows an attacker to inject arbitrary SQL commands. The vulnerability is due to the application not properly sanitizing user-supplied input to the 'qID' parameter. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing an SQL injection payload to the vulnerable application. Successful exploitation could result in the attacker gaining access to sensitive information from the database.
A vulnerability exists in PromoteWeb MySQL, which allows an attacker to inject arbitrary SQL commands via the 'id' parameter in the 'go.php' script. Magic Quote must be turned off for the exploit to work. The exploit can be triggered by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable server. The result of the SQL injection will appear in a new window with the URL http://[result]/.
A vulnerability exists in Ultimate Webboard 3.00, where a remote attacker can inject arbitrary SQL commands via the 'Category' parameter in the 'webboard.php' script. Magic Quote must be turned off for the attack to be successful. An example exploit URL is http://[Target]/[webboard]/webboard.php?Category=general'/**/UNION/**/SELECT/**/1,concat(user,0x3a3a,password),3,4,5,6,7,8/**/FROM/**/mysql.user/**/where/**/user='root
In File : LSTable.php In Line 21 : include( $class_dir.'/Table_template.php' ); An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the class_dir parameter. This URL can point to a malicious file hosted on a third-party server, which will be included and executed on the vulnerable server.
Atomic Photo Album 1.1.0pre4 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information stored in the database. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'apa_album_ID' parameter of the 'lalbum.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This will allow the attacker to execute arbitrary SQL commands in the context of the application's database.
LanSuite 3.3.2 is vulnerable to an arbitrary file upload vulnerability. This vulnerability allows an attacker to upload a malicious file to the server, which can be used to execute arbitrary code. The vulnerability exists due to insufficient validation of the uploaded file. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious file to the vulnerable server.
Atomic Photo Album 1.1.0pre4 is vulnerable to SQL Injection and XSS attacks. An attacker can inject malicious SQL queries to gain access to the database and execute arbitrary code on the vulnerable system. An attacker can also inject malicious JavaScript code to gain access to the vulnerable system.
Open Source Web Content Management Systems openEngine version 2.0 beta4 is vulnerable to a Remote File Inclusion vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it on the vulnerable server. The vulnerable code is located in the openengine.php file, which is included in the openEngine20 directory. The vulnerable code is the require() function, which is used to include the mysql.php file from the openengine/database directory. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable server, which will include and execute the malicious file.
This module exploits a stack overflow in the Iconics Vessel / Gauge / Switch ActiveX controls. It is triggered when a maliciously crafted web page is loaded in Internet Explorer, which causes a buffer overflow in the DoModal() method of the vulnerable ActiveX control. This can result in arbitrary code execution.
Services By CQR