Explore all Exploits:

PHP-Nuke My_eGallery “gid” Remote SQL Injection

A vulnerability in the My_eGallery module of PHP-Nuke allows remote attackers to inject arbitrary SQL commands via the gid parameter in a modules.php?op=modload&name=My_eGallery&file=index&do=showgall&gid=-1/**/union/**/select/**/aid,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/* request.

barryvancompo-0.3 Remote File Inclusion

The barryvan compo manager is a PHP, Smarty and MySQL-based system for running, organising, and maintaining competitions. It is particularly designed for use within the computer music 'scene'. The barryvan compo manager uses a variable 'pageURL' that is not defined in the main.php file (and all files require it). This can be exploited by passing malicious code in the 'pageURL' variable, for example http://www.example.com/main.php?pageURL=[Evil_Code].

Podcast Generator <= 1.0 BETA 2 RFI / File Disclosure Remote Vulnerabilities

Podcast Generator version 1.0 BETA 2 is vulnerable to Remote File Inclusion and File Disclosure. The vulnerable files are loadparser.php, admin.php, categories.php, categories_add.php, categories_remove.php, edit.php, editdel.php, ftpfeature.php, login.php, pgRSSnews.php, showcat.php, upload.php, archive_cat.php, archive_nocat.php, recent_list.php, themes.php and download.php. An attacker can exploit these vulnerabilities to include malicious files from remote locations and disclose sensitive information from the server.

SiteBuilderElite1.2 Multiple Remote File Inclusion

SiteBuilderElite1.2 uses a variable 'CarpPath' that is not defined in the files files/carprss.php and files/amazon-bestsellers.php. This can be exploited through the 'CarpPath' variable, for example http://www.example.com/files/carprss.php?CarpPath=[Evil_Code].

EazyPortal <= 1.0 SQL Injection Exploit

EazyPortal is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the database and retrieve sensitive information such as usernames and passwords. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'session_vars' cookie.

Mambo Simpleboard Forum Component 1.0.3 Stable (com_simpleboard)

A SQL injection vulnerability exists in Mambo Simpleboard Forum Component 1.0.3 Stable (com_simpleboard). An attacker can send a specially crafted HTTP request to the vulnerable application to execute arbitrary SQL commands in the back-end database, allowing the attacker to bypass authentication and gain access to unauthorized data.

WordPress Plugin Sniplets 1.1.2 Multiple Vulnerabilities

WordPress Plugin Sniplets 1.1.2 is vulnerable to Remote File Inclusion, Cross-Site Scripting and Remote Code Execution. The Remote File Inclusion vulnerability is due to the lack of proper sanitization of user-supplied input in the 'libpath' parameter of the '/modules/syntax_highlight.php' script. This can be exploited to include arbitrary files from remote locations by using a URL in the 'libpath' parameter. The Cross-Site Scripting vulnerability is due to the lack of proper sanitization of user-supplied input in the 'text' parameter of the '/view/sniplets/warning.php', '/view/sniplets/notice.php', '/view/sniplets/inset.php' and '/view/admin/submenu.php' scripts. The Remote Code Execution vulnerability is due to the lack of proper sanitization of user-supplied input in the 'text' parameter of the '/modules/execute.php' script. This can be exploited to execute arbitrary PHP code.

Nukedit 4.9.x Create Admin Exploit

This exploit allows an attacker to bypass authentication and create an admin account on Nukedit 4.9.x and prior versions. The exploit uses a SQL injection vulnerability in the login page to bypass authentication and then uses the useradmin.asp page to create an admin account with the username and password of the attacker's choice.

Apple MACOS X xnu <= 1228.3.13 ipv6-ipcomp remote kernel DoS POC

A vulnerability in Apple MACOS X xnu <= 1228.3.13 allows an attacker to cause a denial of service. ipcomp6_input does not verify the success of the first call to m_pulldown (m -> md typo?). This bug exists in ipcomp4_input, but an explicit check is made to ensure there is enough space for the struct ipcomp.

Recent Exploits: