A vulnerability in PHP iCalendar version 2.24 allows an attacker to set arbitrary cookies using specially crafted JavaScript code. This can be used to bypass authentication and gain access to the application.
A SQL injection vulnerability exists in WSN Links 2.20. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database.
A SQL injection vulnerability exists in WSN Links 2.23 and 2.22. An attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the back-end database, allowing the attacker to bypass authentication and gain access to sensitive data.
This exploit adds a user with Administrator privileges.
A vulnerability in the view.php file of the Article Script allows an attacker to inject arbitrary SQL commands. An attacker can exploit this issue by manipulating the 'v' parameter in a malicious manner when requesting the vulnerable page. This can allow the attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and possibly compromise the underlying system.
Rianxosencabos CMS 0.9 has an insecure cookie handling vulnerability that allows an attacker to gain access to the admin panel of the CMS. The attacker can exploit this vulnerability by setting the cookie values of the usuario and pass parameters to 1.
A vulnerability in 6rbScript V3.3 allows an attacker to include local files on the server. This is possible due to the lack of input validation and the fact that magic quotes and open_basedir are disabled on the server. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server, such as site.il/section.php?name=../../../../etc/passwd.
PHP iCalendar version 2.24 is vulnerable to Local File Inclusion (LFI) and File Upload. An attacker can upload a calendar file (with the .ics extension) into the /calendars directory and include the uploaded file using the same LFI bug found by rgod. Access restriction for this script is not properly implemented, so an attacker might be able to exploit this vulnerability.
A vulnerability exists in NetArtMedia Real Estate Portal v2.0 which allows an attacker to inject malicious SQL queries via the 'mod' and 'ad' parameters in the 'index.php' file. An attacker can exploit this vulnerability to gain access to the administration panel by sending a specially crafted HTTP request to the vulnerable application.
NetArtMedia Jobs Portal 1.3 contains multiple SQL injection vulnerabilities. An attacker can exploit these vulnerabilities to gain access to sensitive information such as usernames and passwords. The vulnerable files are index.php and login.php. The PoC for the exploit is /index.php?mod=search&job=-666 union select 1,2,3,4,5,username,password,8,9,10,11,12,13,14 from websiteadmin_admin_users and /index.php?page_id=-1&news_id=-666 union select 1,2,username,password,5,6 from websiteadmin_admin_users.