A vulnerability exists in Joomla Component simpleshop, which can be exploited by malicious people to conduct SQL injection attacks. The vulnerability is caused due to the 'catid' parameter in the 'browse' task not being properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow execution of arbitrary SQL code in the context of the webserver process.
A SQL injection vulnerability exists in showpost.php due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the application's database. Multiple XSS vulnerabilities exist in register.php, reminder.php, and search.php due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to inject arbitrary HTML and script code into the application's web pages.
This exploit allows an attacker to download a file from a remote location to an arbitrary location on the target system. It is triggered by a maliciously crafted HTML page containing JavaScript that uses the Akamai Download Manager ActiveX control to download the file from the remote location to the arbitrary location on the target system.
This exploit is for Joomla Component EasyBook 1.1. It targets a SQL injection vulnerability that allows an attacker to gain access to the admin credentials. The exploit sends a POST request to the index.php page with the option parameter set to com_easybook, Itemid set to 1, func set to deleteentry, gbid set to -1 union select 1,2,concat(0x3A3A3A,username,0x3a,password,0x3A3A3A),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 from jos_users/* and md set to the md parameter. The response will contain the admin login, hash and salt.
The PHP-Address Book application is vulnerable to SQL Injection and XSS attacks. An attacker can exploit the SQL Injection vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The XSS vulnerability can be exploited by sending a maliciously crafted HTTP request to the vulnerable application.
This module exploits a stack overflow in the authentication mechanism of NSI Doubletake, which is also rebranded as HP Storage Works. Vulnerability found by Titon of Bastard Labs.
This exploit allows an attacker to inject malicious SQL commands into a vulnerable web application. The attacker can use this vulnerability to gain access to sensitive information stored in the database, such as user credentials, or to modify or delete data.
A vulnerability exists in 1Book Guestbook Script, where an attacker can inject malicious code into the variables $message and $username and then access the data.php file containing the malicious code to execute arbitrary code.
This exploit targets a blind SQL injection vulnerability in the Joomla Component JooBlog. It allows an attacker to extract the MD5 hash of the admin password by exploiting a vulnerable parameter in the 'index.php' file. The exploit uses a loop to iterate through the characters of the MD5 hash and uses the 'substring' function to extract the characters one by one.
Anyone can change the admin password, edit all the site information (such as the admin email address), edit all the site design, and mailbomb others. Further issues: reflected XSS by circumventing the ASP.NET XSS denier (path disclosure in the open error mode), redirect reflected XSS in the 'SB_redirect' parameter, content sender spoofing, and mailbombing.