Maian Events v2.0 is suffering from insecure cookie handling, the /admin/index.php only checks if cookie mevents_admin_cookie, equals admin username(md5). An exploit can be achieved by setting the cookie value to md5(the username). For example, 21232f297a57a5a743894a0e4a801fc3 = admin
Maian Car v1.1 is suffering from insecure cookie handling, the /admin/index.php only checks if cookie mccart_cookie, equals admin username(md5). An exploit can be done by setting the cookie value to md5(the username). For example, 21232f297a57a5a743894a0e4a801fc3 = admin
A malformed INVITE or OPTIONS message to the repro SIP proxy/registrar can crash the process. The crash is caused by an assertion failure that occurs when the domain name in the request line URI is too long (rutil/dns/DnsStub.cxx, line 493). For example, the URI may be 'sip:bob@example.comAAAAAAA...', where 'sip:bob@example.com' is followed by 256 As.
This exploit is a remote code execution vulnerability in TrixBox 2.6.1. It allows an attacker to inject malicious code into the session file, which is then executed by the server. This exploit was discovered by Jean-Michel BESNARD and published by Offensive Security. It requires the attacker to have access to the target server and the ability to send crafted HTTP requests.
Million Pixels 3 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can allow an attacker to gain access to the database and potentially gain access to sensitive information.
A buffer overflow vulnerability exists in Core Image Fun House, due to improper bounds checking of user-supplied data. An attacker can exploit this vulnerability by supplying a specially crafted XML file, which can lead to arbitrary code execution. This vulnerability is related to CVE-2008-067.
Wysi Wiki Wyg 1.0 is vulnerable to PHPInfo Disclosure, Local File Inclusion (LFI) and Cross Site Scripting (XSS). An attacker can exploit these vulnerabilities by sending a crafted request to the vulnerable application. For PHPInfo Disclosure, an attacker can send a request to index.php?categup=isset. For Local File Inclusion (LFI), an attacker can send a request to index.php?c=../../../&a=etc/passwd%00. For Cross Site Scripting (XSS), an attacker can send a request to index.php?c=wikiwizi&a=recherche&s=<script>[Javascript]</script>.
File Store PRO 3.2 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information. The vulnerability exists due to insufficient sanitization of user-supplied input in the "id" parameter of the "confirm.php" script. An attacker can inject malicious SQL queries into the "id" parameter and execute them in the context of the web server user. This can be exploited to gain access to the database and extract sensitive information.
A vulnerability exists in phpDatingClub which allows an attacker to include a file from the local system. The vulnerability is due to the website.php script not properly sanitizing user-supplied input to the 'page' parameter. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing directory traversal characters to the vulnerable script. This can allow the attacker to include arbitrary files from the local system, resulting in the disclosure of sensitive information.
A vulnerability in gapicms v9.0.2 allows remote attackers to include arbitrary files via a URL in the dirDepth parameter to ktmlpro/includes/ktedit/toolbar.php.
Services By CQR