A SQL injection vulnerability exists in WebChamado 1.1 due to improper sanitization of user-supplied input to the 'tsk_id' parameter in the 'lista_anexos.php' script. An attacker can exploit this vulnerability to inject arbitrary SQL code and gain access to sensitive information from the database.
This exploit allows an attacker to include a malicious file from a remote server by using the 'section' parameter in the URL. The attacker can include a shell file as a jpg file with a size not bigger than 50kb. The malicious file can be included by using the URL http://example.de/path/?section=../path/to/image%00
This exploit allows an attacker to delete a category or account from Butterfly Organizer 2.0.0. The attacker can send a GET request to the category-delete.php or delete.php page with the name of the category or the ID of the account as a parameter.
Mambo Component galleries v 1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the admin panel of the application. The exploit involves sending a specially crafted HTTP request to the application, which contains malicious SQL code in the 'aid' parameter. This code is then executed in the backend database, allowing the attacker to gain access to the admin panel.
This exploit adds a user with administrator privileges, and the password is then obtained from email.
A vulnerability exists in Butterfly Organizer 2.0.0 which allows an attacker to inject malicious SQL commands and execute them in the backend database. An attacker can also inject malicious JavaScript code into the application to perform XSS attacks. The vulnerable code is present in view.php, viewdb2.php, category-rename.php and module-contacts.php files.
Remote File Inclusion (RFI) is a type of vulnerability that allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can allow an attacker to access files on the server, execute arbitrary code, or even cause a denial of service.
This exploit allows an attacker to gain access to the admin credentials of a vulnerable website running Clever Copy. It works by sending a malicious request to the results.php page of the website, which contains a SQL injection vulnerability. The exploit then parses the response for the admin username and password, which are returned in an encrypted format.
Facil-CMS 0.1RC is vulnerable to Local File Inclusion (LFI) attacks. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious input in the change_lang and modload parameters. This can allow an attacker to read sensitive files from the server, such as the boot.ini file.
snmpv3_exp.sh exploits the vulnerability described in CVE-2008-0960, the HMAC check problem (affecting multiple vendors). It was written by Maurizio Agazzini and published on Mediaservice.net Srl.