Hivemaker is vulnerable to remote SQL injection, which allows an attacker to execute arbitrary SQL commands on the vulnerable system. The vulnerability exists due to insufficient sanitization of user-supplied input in the "id" parameter. An attacker can exploit it by sending a crafted HTTP request containing malicious SQL commands.
DUcalendar is a free event calendar written in ASP. It has a vulnerability that allows for remote SQL injection. An attacker can exploit this vulnerability by sending a malicious SQL query to the detail.asp page with the iEve parameter. For MS SQL Server, the query is convert(int,(select+@@version))-- and for MS Access, the query is IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Name%20from%20MSysObjects))='a',0,'done')%00.
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to various scripts.
ShareCMS 0.1 is vulnerable to multiple remote SQL injection vulnerabilities. An attacker can exploit these vulnerabilities to gain access to sensitive information such as usernames and passwords stored in the database.
A vulnerability exists in Demo4 CMS Beta01 (fckeditor) which allows an attacker to upload arbitrary files to the server. This is due to the lack of proper validation of the uploaded file type. The vulnerable code is located in the /[path]/fckeditor/editor/filemanager/upload/php/upload.php file.
An attacker might be able to upload arbitrary files containing malicious PHP code because multiple file extensions are not properly checked.
Typically used for remotely exploitable vulnerabilities that can lead to system compromise.
This exploit sends a malicious payload to the target host using the Range header in an HTTP request. This payload is designed to cause a denial of service on the target host.
Joomla Component Com_Facileforms is prone to a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the vulnerable application.
A vulnerability exists in Demo4 CMS Beta01 where an attacker can inject arbitrary SQL commands via the 'id' parameter in the index.php file. This exploit can be used to get the application's unencrypted username and password.