A remote SQL injection vulnerability exists in CMS Webmanager-pro. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information or to manipulate data. The vulnerable parameters are 'lang_id' and 'menu_id' in the 'index.php' script.
Smeego is a Content Management System or Portal System written in PHP and designed to be easy to install and use. Smeego has a mature code and comes with cool modules and themes for you to start your own dynamic and database driven website. The vulnerability exists in the mainfile.php file, where the ‘lang’ parameter is not properly sanitized, allowing an attacker to inject arbitrary files from the server.
bsqlbf is a blind SQL injection tool written in Perl. It can be used to exploit a vulnerable web application and extract data from the database. It is capable of exploiting both GET and POST parameters. It can also be used to exploit a vulnerable web application and extract data from the database. It supports both blind and time-based SQL injection.
A vulnerability exists in How2ASP.net Webboard 4.1 which allows an attacker to inject arbitrary SQL commands. An attacker can exploit this vulnerability by sending a specially crafted SQL statement to the vulnerable application. This can be done by sending a maliciously crafted HTTP request to the vulnerable application. This can allow an attacker to gain access to sensitive information stored in the database.
WR-Meeting v1.0 is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
The vulnerability exists due to insufficient validation of user-supplied input in 'force_download.php' script. A remote attacker can download arbitrary files from the vulnerable server.
This exploit allows an attacker to gain access to the Archangel Weblog 0.90.02 application by exploiting a SQL injection vulnerability. The exploit uses a UNION SELECT statement to concatenate the author_password column from the authors table and then uses the LIKE operator to match the author_password with the value of the author_password variable. The exploit then prints out the login and password of the news manager.
Vulnerability to install/newuser.php, to add 2 administrator. Folder install not removed in 70% of cases.
StanWeb.CMS is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable web application. This can allow the attacker to gain access to sensitive information stored in the database, such as usernames and passwords.
This tool helps to find user accounts with weak SSH keys that should be regenerated with an unaffected version of openssl. The precalculated keys provided by HD Moore can be used to test the SSH keys.
Services By CQR