XOOPS Module Uploader 1.1 is vulnerable to a local file inclusion vulnerability. An attacker can exploit this vulnerability to include local files on the server. This can be done by sending a specially crafted HTTP request to the vulnerable application. The attacker can include local files on the server by using the 'filename' parameter in the 'downloadfile' action. For example, an attacker can send a request to the vulnerable application as http://localhost/modules/uploader/index.php?action=downloadfile&filename=../../../../../../../../../../../../../../../../etc/passwd to include the '/etc/passwd' file on the server.
This exploit is used to extract the MD5 hash of a user's password from a Joomla Component yvcomment. It uses a UNION SELECT statement to extract the password from the jos_users table. The exploit takes the host, path, userid, article id, and a character as parameters and checks if the substring of the password matches the character. If it does, it prints the character to the screen.
Using Web Proxy (Web Scarab, Burb Proxy, etc...) to intercept URI and then changing detail in GET request for this URI, an attacker can view phpinfo.php in PHPInv page. Additionally, an attacker can inject malicious JavaScript code in the search.php (keyword) parameter.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'fID' parameter to '/read.asp' script. A remote attacker can execute arbitrary SQL commands in application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.
A vulnerability in the Joomla Component GameQ allows an attacker to inject arbitrary SQL commands. This is done by manipulating the 'category_id' parameter in a 'index.php' script. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
This exploit is based on a proof-of-concept (POC) by securfrog and is used to exploit a vulnerability in FreeSSHD 1.2.1. The exploit sends a malicious payload to the target system, which then allows the attacker to gain remote access to the system. The exploit is tested on Windows XP SP2 and Windows Vista Ultimate, with the offset for SEH overwrite being 3 bytes greater in Windows Vista.
A vulnerability in Black Ice Software Inc Barcode SDK (BIDIB.ocx) allows an attacker to download arbitrary files and corrupt memory by using the DownloadImageFileURL method. The vulnerability is due to the lack of input validation when handling the parameters of the DownloadImageFileURL method. An attacker can exploit this vulnerability by crafting a malicious URL and passing it as a parameter to the DownloadImageFileURL method. This will allow the attacker to download arbitrary files and corrupt memory.
A vulnerability exists in the SIP channel driver when run in pedantic mode, which can be exploited by sending a specially crafted INVITE request to the affected system. Successful exploitation may allow an attacker to cause a denial of service.
A vulnerability in Joomla Component joomladate allows remote attackers to inject arbitrary SQL commands via the user parameter in a viewProfile action to index.php.
SQL Injection vulnerability in Power Phlogger (it is PHP/MySQL logging tool via counters). To make SQL Injection attack you need to be logged into your account, which can be freely obtained via open registration form. With this query you will receive id, login and password (hash) of first user.
Services By CQR