The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'listingid' and 'ad' parameters to the 'showad.php' and 'pfriendly.php' scripts. A remote attacker can execute arbitrary SQL commands in the application's database, compromise the application, access or modify data, exploit vulnerabilities in the underlying database and in certain cases gain access to the server.
QuickTicket is vulnerable to a remote SQL injection vulnerability due to insufficient sanitization of user-supplied input. The vulnerability exists in the qti_usr.php script, where the 'id' parameter is not properly sanitized before being used in a SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. This can allow the attacker to gain access to sensitive information from the database, such as user credentials.
A vulnerability exists in the Joomla com_candle component which allows an attacker to inject arbitrary SQL commands via the 'cID' parameter in the 'index.php' script. This can be exploited to gain access to the database and potentially compromise the system.
This exploit allows an attacker to upload a malicious file to the victim's server by bypassing the regex used to control the $login value. The attacker can then execute arbitrary code on the server.
This exploit adds a new zKup admin by sending malicious code to the vulnerable application.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'cid' parameter of the 'viewcat.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to bypass authentication and gain access to the administrative panel.
This vulnerability allows remote attackers to cause a denial of service (crash) and change the color of the ICQToolbar in Internet Explorer. The vulnerability is due to a boundary error when handling a specially crafted GetPropertyById request. This can be exploited to cause a stack-based buffer overflow via an overly long string passed to the GetPropertyById method of the ICQToolbar ActiveX control (855F3B16-6D32-4FE6-8A56-BBB695989046).
The vulnerability exists due to insufficient filtering of user-supplied data passed to the 'op' and 'sid' parameters in the 'glossaires-p-f.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to bypass authentication and gain access to the administrative panel.
The WEBrick Httpd server has a directory traversal vulnerability. WEBrick is an HTTP server library written in Ruby that uses servlets to extend its capabilities. Built into WEBrick are four servlets, handling CGI, ERb, file directories, and a generic Proc servlet. Ruby on Rails uses WEBrick as a quick and easy web server for starting development of Rails applications. However, whatever ease of development WEBrick adds to an application, it is generally considered unsuitable for any production environment. The vulnerability is caused by an input validation error in the WEBrick::HTTPServlet::FileHandler servlet when handling requests for files. This can be exploited to download arbitrary files from the server by sending a specially crafted HTTP request. Successful exploitation requires that the attacker knows the exact path of the file to be downloaded.
A remote SQL injection vulnerability exists in Mitra Informatika Solusindo cart. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the vulnerable system. This can be exploited to gain access to sensitive information stored in the database, modify data, or even execute system commands.