Explore Vulnerabilities

Explore all Exploits:

Keller Web Admin <= Local File Inclusion

Keller Web Admin is prone to a local file inclusion vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to view sensitive files on the affected computer. This issue may lead to further attacks.

Orca – Interactive Forum Script Remote File Inclusion Vulnerability

Orca Interactive Forum Script is prone to a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

XnView 1.93.6 for Windows .taac buffer overflow proof of concept

The vulnerability is caused by a boundary error when processing the 'format' keyword of Sun TAAC files. This can be exploited to cause a stack-based buffer overflow, for example by tricking a user into viewing a specially crafted Sun TAAC file.

R3membeR Kings of injection

This vulnerability allows an attacker to gain access to the admin and member information of the website. The attacker can exploit this vulnerability by sending a crafted malicious URL to the vulnerable website. The URL contains a malicious SQL query which is injected into the vulnerable parameter. This malicious query will return the admin and member information of the website.

Drinks Website

An attacker can exploit a SQL injection vulnerability in the Drinks Website to gain access to the admin and members login information. The attacker can use the following URL to exploit the vulnerability: www.site.me/patch/drinks/drink.php?drinkid=-99999+union+select+0,concat(login,0x3a,password)+from+admin_login/* for admin info and www.site.me/patch/drinks/drink.php?drinkid=-99999+union+select+0,concat(login,0x3a,password)+from+users/* for members info.

Jokes Website

An attacker can exploit a SQL injection vulnerability in the Jokes Website to gain access to the admin and members login information. The attacker can use the following URL to exploit the vulnerability: www.site.me/patch/joke.php?jokeid=-9999999+union+select+0,concat(login,0x3a,password),2,3,4,5,6,7+from+admin_login/* for admin info and www.site.me/patch/joke.php?jokeid=-9999999+union+select+0,concat(login,0x3a,password),2,3,4,5,6,7+from+users/* for members info.

Riddles Website

An attacker can exploit a SQL injection vulnerability in the Riddles Website to gain access to the admin and members login information. The attacker can use the following URL to exploit the vulnerability: www.site.me/patch/riddle.php?riddleid=-999999+union+select+concat(login,0x3a,password),1,2,3,4,5,6+from+admin_login/* for admin info and www.site.me/patch/riddle.php?riddleid=-999999+union+select+concat(login,0x3a,password),1,2,3,4,5,6+from+users/* for members info.

Galmeta Post CMS Multiple Local File Inclusion Vulnerabilities

Galmeta Post CMS is vulnerable to multiple local file inclusion vulnerabilities when using the POST method. An attacker can exploit these vulnerabilities by sending maliciously crafted POST requests to the vulnerable application. This can allow an attacker to include arbitrary files from the local system, such as the boot.ini file.

The kroax php_fusion Remote SQL-injection

The kroax php_fusion remote SQL injection vulnerability allows an attacker to inject malicious SQL commands into a vulnerable web application. An attacker can use this vulnerability to gain access to sensitive information such as usernames and passwords. The exploit involves using a Google Dork to find vulnerable websites and then using two SQL commands to gain access to the username and password of the website. The first command is used to find the username and the second command is used to find the password.

PolyPager <= 1.0rc2 (SQL/XSS) Multiple Remote Vulnerabilities

PolyPager <= 1.0rc2 is vulnerable to multiple remote vulnerabilities. The first is a SQL injection vulnerability which allows an attacker to dump the username and password in clear text. The second is an XSS vulnerability which allows an attacker to inject malicious JavaScript code.

Recent Exploits: