EggBlog v4.0 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to bypass authentication and retrieve passwords in plain-text.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'vara' parameter of the 'index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to bypass authentication and gain access to the application with administrative privileges.
Fascript Photo Gallery is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
EasyNews-40tr is vulnerable to multiple remote vulnerabilities such as SQL Injection, XSS and LFI. The XSS vulnerability can be exploited by sending a malicious script to the vulnerable parameter in the URL. The SQL Injection vulnerability can be exploited by sending a malicious SQL query to the vulnerable parameter in the URL. The LFI vulnerability can be exploited by sending a malicious file path to the vulnerable parameter in the URL.
Neat weblog 0.2 is vulnerable to a SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The exploit is triggered by sending a specially crafted HTTP request to the vulnerable application. The request contains a malicious SQL query that is executed by the application.
This exploit was found by IOActive Security Advisory, and is a trivial exploit for win32. The only problem is that mod_jk2 first converts all letters in the Host header of the request to lowercase. Metasploit v3 has solutions for this case, such as using a non-upper encoder or a non-alpha encoder. This exploit uses the first variant and works well.
There is a bug in jgs_treffen.php 2.0.2 and lower which allows an attacker to inject malicious SQL code into the vulnerable application. The PoC for this exploit is jgs_treffen.php?action=ansicht&view_id='-1/**/UnIoN/**/All/**/SeLeCt/**/1,2,CoNcAt(email,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15/**/from/**/bb1_users/*
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'filename' parameter to '/body.php'. This can be exploited to disclose the contents of arbitrary files on the affected system by passing a path to the file in the 'filename' parameter.
A malicious .DOC file can be used to cause a denial of service in Windows Explorer when it is browsed. The exploit has been tested on Windows XP Service Pack 1 and Service Pack 2.
A remote SQL injection vulnerability exists in the WordPress Plugin Download file. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'dl_id' in the 'wp-download.php' file. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.