This exploit allows an attacker to inject malicious SQL code into the vulnerable SazCart application. The vulnerable parameter is the 'prodid' parameter in the 'details' page. By exploiting this vulnerability, an attacker can gain access to the database, user, and version information.
Admidio 1.4.8 contains a remote file disclosure vulnerability. It exists due to insufficient sanitization of user-supplied input to the 'file' parameter of the 'get_file.php' script. By sending a specially crafted HTTP request to the vulnerable script, an attacker can read arbitrary files on the server, including sensitive ones.
The MiniBloggie application contains an arbitrary post deletion vulnerability. An attacker can delete any post from the application by sending a crafted HTTP request to the del.php page with the post_id parameter set to the ID of the post to be deleted and the confirm parameter set to yes.
A vulnerability in cyberfolio 7.2 allows remote attackers to include and execute arbitrary files via a URL in the rep parameter to derniers_commentaires.php.
SazCart 1.5.1 contains a remote file inclusion vulnerability. An attacker can exploit it by sending a maliciously crafted HTTP request to the vulnerable application, which can allow the attacker to execute arbitrary code on the server.
vShare Youtube Clone v2.6 contains a remote SQL injection vulnerability in the 'tid' parameter of 'group_posts.php'. An attacker can exploit this vulnerability to gain access to the admin credentials, including the username, email address and password.
The administrator login to creative web panel is vulnerable to SQL injection. Attackers can bypass the admin panel login by using username: 'or' 1=1 and password: 'or' 1=1.
Runcms <= 1.6.1 is vulnerable to a SQL injection vulnerability. This vulnerability allows an attacker to execute arbitrary SQL commands on the vulnerable system.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Terminal Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the TPKT length field. By sending a specially crafted packet with an overly large length field, an attacker can cause a stack-based buffer overflow. This can be leveraged to execute arbitrary code under the context of the SYSTEM user.
ezContents CMS Version 2.0.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords. The vulnerable code is present in the showdetails.php and printer.php files, and it can be reached by sending a specially crafted HTTP GET request to either file. The vulnerable statements concatenate the GET parameter directly into the query:
showdetails.php: $strQuery = "SELECT * FROM ".$GLOBALS["eztbContents"]." WHERE contentname ='".$HTTP_GET_VARS["contentname"]."' AND language='".$GLOBALS["gsLanguage"]."'";
printer.php: $strQuery = "SELECT * FROM ".$GLOBALS["eztbContents"]." WHERE contentname ='".$HTTP_GET_VARS["article"]."' AND language='".$GLOBALS["gsLanguage"]."'";