A vulnerability exists in the Joomla component biblestudy which allows an attacker to inject malicious SQL commands into the application. This can be exploited to gain access to the database and potentially to sensitive information.
A buffer overflow vulnerability exists in FreeSSHD version 1.2.1. A remote attacker can exploit this vulnerability by sending a specially crafted packet with an overly long string to the SSH server, resulting in a denial of service or the execution of arbitrary code.
A vulnerability exists in the Joomla component prayercenter which allows an attacker to perform a remote SQL injection attack by sending a maliciously crafted HTTP request to the vulnerable application. An attacker can exploit this vulnerability to gain access to sensitive information stored in the database, such as usernames and passwords.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'path' parameter to the 'social_game_play.php' script. This can be exploited to execute arbitrary PHP code by including a URL of a malicious script.
EasyWay CMS is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the admin panel and extract sensitive information from the database. The exploit was discovered and coded by Lidloses_Auge. It is used with the dork inurl:index.php?css=mid=art= and takes the target URL and a user ID as arguments; it then extracts the login and password of that user from the database.
bp blog contains multiple blind SQL injection vulnerabilities in the template_permalink.asp and template_archives_cat.asp files. An attacker can exploit them by sending malicious SQL queries to the vulnerable parameters, which can give the attacker access to sensitive information from the database.
PassWiki is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
The vulnerability is an SQL injection in the read.php file. The output is displayed as INT, so the attacker has to convert it into ASCII and go through every single letter to get the whole name. The MySQL data is stored in the Counterpath/variables.php file.
AzureSites CMS has multiple vulnerabilities, including SQL injection and insecure cookie handling. The number of columns for the SQL injection may differ, and some of the injections are blind. For the insecure cookie handling, the ID depends on the UserID, and the admin panel can be found at [Target]/azureadmin/index.php.
A SQL injection vulnerability was discovered in Social Site Generator which allows an attacker to gain access to the admin credentials. The vulnerability is caused by improper sanitization of user-supplied input to the 'sgc_id', 'scm_mem_id' and 'catid' parameters in the 'display_blog.php', 'social_my_profile_download.php' and 'social_forum_subcategories.php' scripts. An attacker can exploit it by sending malicious SQL queries to the vulnerable parameters.