Explore all Exploits:

Ovidentia 6.6.5 Sql Injection

A SQL injection vulnerability exists in Ovidentia 6.6.5, which allows an attacker to execute arbitrary SQL commands via the 'idx' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords.

Ppim <= 1.0 (upload/change password) Multiple Vulnerabilities

Ppim v1.0 has two vulnerabilities: one related to changing the password and the other related to upload. For the password change, the user can go to http://localhost/ppim/changepassword.php, enter a password and confirm it. For the upload, the user can go to http://localhost/ppim/upload.php and upload a PHP shell. After that, they can go to http://localhost/ppim/shell.php to access the uploaded shell.

ZeeBuddy v2.1(adid) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in ZeeBuddy v2.1(adid). An attacker can send a specially crafted HTTP request to the vulnerable script bannerclick.php with the parameter adid to execute arbitrary SQL commands and gain access to sensitive information in the back-end database. The vulnerable script is located at http://www.zeescripts.com.

psipuss version 1.0 SQL Injection Vulnerabilities

An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, modify data, or execute system level commands.

PHP-Ring Webring System v0.9.1 Insecure Cookie Handling Vulnerability

PHP-Ring Webring System suffers from insecure cookie handling: when an admin login is successful, the script creates a cookie to show the rest of the admin area that the user is already logged in. The bad thing is the cookie doesn't contain any password or anything alike, therefore we can craft an admin cookie and make it look like we are logged in as a legit admin.

Quicksilver Forums 1.4.1 (forums[]) Remote SQL Injection Exploit

This is a proof-of-concept exploit for a remote SQL injection vulnerability in Quicksilver Forums 1.4.1. The exploit sends a malicious POST request to the vulnerable application, which then returns the username and password of the first user in the database. The exploit is written in PHP and requires the host and path of the vulnerable application as parameters.

e107 <= 0.7.11 Arbitrary Variable Overwriting

e107 is a popular, full-featured content management system written in PHP. Unfortunately, e107 suffers from an arbitrary variable overwriting issue within its download.php file that allows a number of possible attacks, including, but possibly not limited to, arbitrary PHP code execution and SQL injection. No authentication is required to exploit the issue, and it can be exploited regardless of PHP magic quotes settings.

Recent Exploits: