A SQL injection vulnerability exists in Zanfi CMS lite / Jaw Portal free. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to the application database and potentially compromise the application and the underlying system.
The phpVID 1.1 video sharing script is vulnerable to Blind SQL Injection via the 'cat' parameter of 'groups.php' and to Cross Site Scripting in 'search_results.php'. The POC for Blind SQL Injection is http://www.site.com/groups.php?type=&&cat=4+and+substring(@@version,1,1)=4 and for Cross Site Scripting is http://www.site.com/search_results.php?query=[XSS]
This exploit allows an attacker to take over the admin account of a WordPress website running version 2.6.1. The attacker must create rainbow tables to make the exploit work in a real-world scenario. The attacker must also make sure they are running the same version of PHP as the server. The exploit works by registering a new admin user with a randomly generated email address.
This exploit allows an attacker to upload arbitrary files to the vulnerable server. The vulnerability exists in the album.asp page, which allows an attacker to upload a file with the action parameter set to 'upload'. This allows an attacker to upload malicious files to the server, which can then be used to gain access to the server.
This exploit allows an attacker to upload arbitrary files to a vulnerable web application. The vulnerability exists in the Zanfi 1.2 web application, which allows an attacker to upload a malicious file to the web server. The exploit is triggered when the attacker sends a POST request to the upload.php file with the malicious file as a parameter. If the request is successful, the malicious file will be uploaded to the web server.
This exploit allows an attacker to add a new admin with their own credentials by exploiting a SQL injection vulnerability in Libera CMS version 1.12. The exploit uses a cookie to inject malicious SQL code into the application. The attacker can then use the new admin credentials to gain access to the application.
This exploit uses a vulnerability in the PAWWeb11.ocx ActiveX control to execute arbitrary code on the target system. The exploit code is written in VBScript and uses the ExecutePreferredApplication method of the PAWWeb11.ocx control to execute the code. The code is tested on Peachtree Accounting 2004 and Windows XP with Internet Explorer 6.
Zanfi CMS lite / Jaw Portal free is vulnerable to multiple local file inclusion vulnerabilities. An attacker can exploit these vulnerabilities by sending a crafted HTTP request with a malicious file path in the 'flag' or 'inc' parameter. This can allow an attacker to read arbitrary files on the server.
Availscript Classmate Script is prone to a remote SQL injection vulnerability. An attacker can exploit this issue to manipulate SQL queries and gain access to sensitive information that may lead to further attacks. The attacker can also gain access to the administrator account by exploiting this issue.
Multiple vulnerabilities exist in Availscript Photo Album, including SQL Injection in the 'sid' parameter of 'pics.php' and Cross Site Scripting in the 'sid' parameter of 'pics.php' and the 'a' parameter of 'view.php'.