e107 Plugin Akira Powered's 'Image Gallery' is vulnerable to a remote SQL-injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The vulnerability is caused due to the improper sanitization of user-supplied input to the 'page' and 'image' parameters in the 'image_gallery.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to the database.
Data Encryption Systems Ltd.’s DESlock+ Virtual Token Driver version 1.0.2.43 contains a vulnerability that can be exploited to cause a denial of service. The vulnerability is due to the driver failing to properly validate user-supplied input when handling certain IOCTLs. An attacker can exploit this vulnerability by sending a specially crafted IOCTL to the driver, resulting in a denial of service condition.
Rianxosencabos CMS 0.9 has Vulnerability to escalate user to administartor's privilege. That Vulnerable in 'http://[Target]/[rsccms_path]/?s=admin&accion=lista' and You can Arbitrary change user's permission or delete user. This action will give your account can use All Admin Control Panel with Administrative's Privilege or Arbitrary Delete account in website.
Availscript Jobs Portal Script is vulnerable to a remote file upload vulnerability. An attacker can register as an employer and upload a malicious file to the server. This can be done by visiting the registeremp.php page and logging in. Then, the attacker can visit the editlogo.php page and upload a malicious file such as a shell.php file.
Diesel Job Site is prone to a blind SQL injection vulnerability. An attacker can exploit this issue to manipulate SQL queries by supplying malicious input to the vulnerable parameter. This can result in the manipulation or disclosure of arbitrary data from the back-end database.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The attacker can use the ‘singerid’ parameter to inject malicious SQL code into the application. This can allow the attacker to gain access to the database and potentially execute arbitrary code on the server.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable parameter in the HTTP request. This can allow an attacker to gain access to sensitive information such as usernames and passwords stored in the database.
The 'configure' file in TWiki's bin folder is vulnerable to code execution and local file inclusion. According to TWiki's documentation this file is meant to be protected with .htaccess, but many a times you find it is not. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable server.
A SQL injection vulnerability exists in Basic PHP Events Lister, which allows remote attackers to execute arbitrary SQL commands via the id parameter in a event.php request.
UT3, as any other game based on the Unreal engine, has an internal web server called uWeb for controlling the own server remotely using a web browser. This interface is disabled by default and in the case of UT3 are needed the additional files located on http://ut3webadmin.elmuerte.com (choice made by Epic for fixing possibly issues more quickly). In the last 1.3 patch released the 13th August 2008 has been made a bad and unusual modification to uWeb. In fact the WebAdmin component is composed by two sub components/classes called UTServerAdmin (used for everything) and UTImageServer used only for the handling of the HTTP requests for the files in the /images folder. In the script of the ImageServer component in version 1.3 has been made the following change which has removed the limitation of downloading only files with the extentions JPG, JPEG, GIF, BMP and PNG.