Entertainment directory is vulnerable due to an insecure MySQL query. This allows a remote attacker to obtain user credentials from the database.
A vulnerability exists in Blogator-script 0.95 which allows an attacker to change the password of any user by exploiting the init_pass2.php file. The attacker can send a malicious request to the vulnerable file with the user ID and a new password, and the user's password will be changed.
Dragoon CMS is vulnerable to Local File Inclusion (LFI). The vulnerable code is in the calendrier.php file, which is located in the forum/kietu/libs/ directory. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The malicious request contains a parameter 'cal[lng]' with a value of [LFI] which can be used to include arbitrary files from the server.
A SQL injection vulnerability exists in Blogator-script 0.95 due to improper sanitization of user-supplied input to the 'id_art' parameter in '/_blogadata/include/sond_result.php'. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as usernames, passwords, and emails.
PIGMy-SQL is vulnerable to blind SQL injection due to insecure MySQL queries, allowing an attacker to execute malicious SQL queries. The vulnerable page only returns a picture, so a blind SQL script is used to exploit the vulnerability.
This exploit targets a weakness in the way the ypupdated RPC application uses the command shell when handling a MAP UPDATE request. Extra commands may be launched through this command shell, which runs as root on the remote host, by passing commands in the format '|<command>'.
Blogator-script is prone to a remote file-inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the vulnerable application. Successful exploits can allow attackers to compromise the application and the underlying system; other attacks are also possible.
PHP Photo Gallery is vulnerable due to insecure MySQL queries. The 'mysql injection' below will display the admin username/password in plaintext.
Affiliate Directory suffers from insecure MySQL queries; the script is widely published throughout the web. The injections below can retrieve the admin username and password.
Comdev News Publisher suffers from insecure SQL queries, which allow malicious users to pull data from the database and view admin/user passwords in plaintext.