This vulnerability allows an attacker to remotely change the admin password of a WordPress website if registration is enabled. The attacker first registers an account with the username 'admin' followed by 55 spaces and the letter 'x'. This creates a duplicate 'admin' account in the database. The attacker then requests a password reset for the duplicate account and the password is changed, but the new password is sent to the correct admin email.
Altrasoft Forum is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the admin and user credentials. The POC for admin credentials is index.php?menu=showcat&cat=-1+union+all+select+1,concat(auser,0x3a,apass),3+from+admin-- and for user credentials is index.php?menu=showcat&cat=-1+union+all+select+1,concat(username,0x3a,upass),3+from+users+limit+2,1--. Live demo for admin credentials is http://payperpostpro.com/index.php?menu=showcat&cat=-1+union+all+select+1,concat(auser,0x3a,apass),3+from+admin-- and for user credentials is http://payperpostpro.com/index.php?menu=showcat&cat=-1+union+all+select+1,concat(username,0x3a,upass),3+from+users+limit+2,1--.
Masir Camp is an advanced website management and content management software. It is vulnerable to SQL Injection in the 'veiworderstatus' parameter of the 'ordercode' parameter. An attacker can exploit this vulnerability by sending a malicious HTTP request with a crafted 'ordercode' parameter, such as 'foo' or 1=(select top 1 UserName from UserInfoView)-- or 'foo' or 1=(select top 1 Password from UserInfoView)--.
The vulnerability is caused due to an unspecified error in the cgis files filter used for configure propierties. This can be exploited by sending a specially crafted HTTP request (NO necessary authentication), which will cause the HTTP service on the system to crash.
SMF leaks current state of random number generator through hidden input parameter `sc` of the password reminder form. Since max random number generated with rand() on win32 is 32767 and session id is known an attacker can reverse the md5 hash and get the random number value. On win32 every random number generated with rand() is used as a seed for the next random number. So if SMF is installed on win32 platform an attacker can predict all the next random numbers. When password reset is requested SMF uses rand() function to generate validation code.
A vulnerability in Flock Social Web Browser 1.2.5 allows remote attackers to cause a denial of service (application crash) via a crafted web page that triggers an infinite loop in the addPanel, AddFavorite, and external.AddFavorite functions.
Integramod 1.4.x versions have a backup folder where the daily database backups are stored. The coders of Integramod forgot to secure this folder, allowing anyone to access the database backups directly. Some versions have an index.html in the folder, but it is easy to get the backups anyway because they are always stored in the same format: backup-yyyy-dd-mm.sql
Vastal I-Tech Dating Zone is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries in the back-end database, allowing the attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This module exploits a stack overflow in CitectSCADA's ODBC daemon. This has only been tested against Citect v5, v6 and v7.
A vulnerability in Metascortex Security was discovered by John Doe in 2020. The vulnerability allows an attacker to gain access to sensitive information stored in the system. The vulnerability is caused by a lack of proper authentication and authorization checks.