LiteNews version 1.2 is vulnerable to a remote SQL injection attack. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow an attacker to gain access to the database and execute arbitrary SQL commands.
Maian Guestbook suffers from an insecure cookie vulnerability where the admin panel only checks if the cookie exists.
SQL injection via the "news_id" parameter in "/news.php" or "/news_body.php", and a reflected XSS attack via the "cat" parameter in "/links.php".
Dayfox Blog is prone to a local file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to include arbitrary local files from the host system, potentially resulting in the disclosure of sensitive information. This vulnerability affects the 'cat' and 'p' parameters of the 'index.php' script, and the 'archive' parameter of the 'archive.php' script.
Include this in any webpage or xss & see it with any browser, wait ~15sec, and boom.
This exploit targets a blind SQL injection vulnerability in the Joomla component EZ Store. It allows an attacker to extract the MD5 hash of the admin password from the database. The exploit requires the attacker to know the category value and product id of the target website.
A remote denial of service (DoS) vulnerability exists in Xerox Phaser 8400 printers: an empty packet sent to the printer causes it to reboot. This vulnerability was tested successfully on four printers.
IntelliTamper contains a remote buffer overflow vulnerability. The HTML parser, more precisely its handling of the image tag, fails to perform boundary checks on supplied data.
The vulnerability is in 'download.php', which can be used to download any file. The script does not filter global parameters; it only checks whether the local file exists.
K-Links Directory is vulnerable to SQL injection and XSS. An attacker can exploit the SQL injection vulnerability by sending a malicious SQL query to the vulnerable parameter in the report, visit, addreview and refer pages. An attacker can also exploit the XSS vulnerability by sending a malicious script to the login_message parameter in the index page.