DUdForum 3.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
A vulnerability in Joomla Component expshop allows an attacker to inject arbitrary SQL commands via the 'catid' parameter in the 'show_payment' page. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary commands.
A SQL injection vulnerability exists in phpauction-gpl Version3.2 Version, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in the 'item.php' script. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords.
OFFL 0.2.6 and prior versions, suffer from multiple insecure mysql querys. SQL Injections below, there are various other spots which are injectable too... including " leagues.php?league_id=1' ", " players.php?player_id=190' ". For Admin: http://site.com/teams.php?fflteam_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT(username,0x3a,password)/**/FROM/**/users/**/WHERE/**/admin=1/**/LIMIT/**/0,1/* For Users: http://site.com/teams.php?fflteam_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT(username,0x3a,password)/**/FROM/**/users/**/LIMIT/**/0,1/*
LE.CMS suffers from a arbitrary file upload vulnerability which allows an attacker to upload any file to the server. This exploit will upload any file to the server.
This exploit allows an attacker to upload arbitrary files to the LaserNet CMS version 1.5. The exploit works by sending a POST request to the upload.php file in the FCKeditor directory. If the file upload is enabled, the attacker can upload any file to the server. If the file upload is disabled, the exploit will fail.
This exploit retrives the admin username/password via blind mysql injection.
The Aprox CMS Engine in version 5 (tested in 1.0.4) is vulnerable to an attack in the way of a Local File Inclusion (LFI). The exploitation has been tested on a local webserver, using Apache HTTPD 2.2.8 + MySQL 5.0.51a (XAMPP for Windows) on Windows Vista Premium. As seen in the index.php files source code, the script checks for the parameter 'id' to be set. However, the script makes sure 'page' parameter has been set and is unequal NULL. Then the script checks if the files does exist, using the extension *.inc. The script includes the file, which is specified in the 'page' parameter, allowing an attacker to include any file they want.
An attacker can delete any post from the eNews 0.1 application by sending a crafted HTTP request to the delete.php script with the id of the post to be deleted as a parameter.
This Vulnerability can upload malicious files direct to web server. An attacker can exploit this vulnerability by sending a POST request with malicious JavaScript code to the target server.
Services By CQR