An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable script. This can allow the attacker to gain access to the underlying database and potentially execute arbitrary code.
BurnAware NMSDVDXU ActiveX Control is vulnerable to Remote Arbitrary File Creation/Execution. An attacker can exploit this vulnerability by using the CLSID {0355854A-7F23-47E2-B7C3-97EE8DD42CD8} and ProgID NMSDVDX.DVDEngineX.1 to create a malicious object and execute arbitrary code. This vulnerability was tested on Windows XP Professional SP3 with Internet Explorer 7.
Ol Bookmarks Manager 0.7.5 is vulnerable to remote file inclusion (RFI), local file inclusion (LFI) and SQL injection. The RFI vulnerability exists at line 46 of the frame.php file, where the application includes a file specified in the framefile parameter. The LFI vulnerability exists at line 46 of the read/frame.php file, where the application includes a file specified in the framefile parameter. The SQL injection vulnerability exists in the read/index.php file and is reachable when the name and id parameters are supplied.
This exploit allows an attacker to add an admin user to the Rianxosencabos CMS 0.9. The attacker needs to provide the host, login, password, mail and user_id as arguments to the exploit. The exploit then creates a new user with the provided credentials and adds it as an admin user.
A remote SQL injection vulnerability exists in Hotscripts Clone, which allows an attacker to execute arbitrary SQL commands via the 'cid' parameter in the 'showcategory.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. This can result in the disclosure of sensitive information from the database, such as usernames and passwords.
WebPortal version 0.7.4 and below is vulnerable to Remote Code Execution. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server with malicious code in the 'code' parameter of the 'index.php?m=admin&f=console&action=execute' URL. This malicious code will be executed on the vulnerable server.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'show' parameter to '/olbookmarks-0.7.5/show.php'. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes.
A SQL injection vulnerability exists in JETIK-WEB Software v1. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate the data in the database, disclose sensitive information, or even gain access to the underlying system.
iGaming CMS version 1.5 and below is vulnerable to multiple remote SQL injection attacks. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. This exploit uses the 'previews.php', 'reviews.php' and 'index.php' files to inject malicious SQL code into the database.
Sofi WebGui versions 0.6.3 PRE and prior are vulnerable to Remote File Inclusion. The 'mod_dir' parameter in the 'modstart.php' script is not properly sanitized before being used in an 'include' function call. This can be exploited to include arbitrary files from remote hosts.