jPortal 2 is vulnerable to SQL injection. The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'id' parameter of the 'humor.php' script. An attacker can exploit it by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation can result in unauthorized access to sensitive information stored in the database, such as usernames and passwords.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to the '/show_vote.php' script. A remote attacker can execute arbitrary SQL commands in the application's database and gain access to sensitive information.
PlainCart is vulnerable to SQL injection. An attacker can send a malicious SQL query to the vulnerable parameter 'p' in the 'index.php' file. This can be exploited to gain access to the admin panel.
An attacker can inject arbitrary SQL commands into the 'area' parameter of the 'index.php' script. This can be exploited to disclose the version, database name and user name of the underlying database.
MyFWB 1.0 is vulnerable to a remote SQL injection attack. An attacker can exploit this vulnerability to gain access to the username, password, email and secret key of the application. The exploit can be triggered by sending a specially crafted HTTP request to the vulnerable application. The request contains a malicious SQL query in the 'page' parameter of the application.
Explay CMS version 2.1 and prior is affected by an insecure cookie handling vulnerability that allows an attacker to gain administrative access to the CMS. The attacker can exploit it by setting the login and pass cookies to 1.
Advanced Electron Forum, also known as AEF Forum, is a full-featured online forum system written in PHP that allows webmasters and site owners to host their own discussion forums within their website. Unfortunately, there are multiple remote code execution issues within AEF that allow an attacker to execute arbitrary PHP code with the privileges of the affected webserver. These are due to the improper handling of evaluated bbcode within AEF Forum, which lets forum users easily execute arbitrary PHP code on the affected webserver: AEF Forum sends wildcard matches to the replacement parameter of the preg_replace function, within double quotes, while the eval switch is present.
DESlock+ is vulnerable to a local kernel DoS attack due to a call to ProbeForRead with a user-definable address that is eventually overwritten (should have been ProbeForWrite). This vulnerability affects DLMFENC.sys 1.0.0.28.
A race condition between calls to ProbeForRead/ProbeForWrite and pointer use exists in DESlock+ version 3.2.7 and earlier. This can be exploited by a local attacker to cause a denial of service. The attacker can create a thread that continuously allocates and frees memory, and then use DeviceIoControl to send a request to the driver with a pointer to the memory. This can cause the driver to crash.
DESlock+ is disk encryption software developed by Data Encryption Systems Ltd. It is vulnerable to a local kernel overflow vulnerability that allows an attacker to execute arbitrary code in kernel mode. The vulnerability is caused by a lack of proper validation of user-supplied input when handling IOCTL 0x0FA4204C. An attacker can exploit it by sending a specially crafted IOCTL request with an overly long argument. This causes a stack-based buffer overflow, resulting in arbitrary code execution in kernel mode.