Joomla's com_garyscookbook component is vulnerable to SQL injection because user-supplied input to the 'id' parameter of the 'index.php' script is insufficiently sanitized. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. Successful exploitation can result in unauthorized access to sensitive information from the application's database.
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as usernames and passwords. The attacker can also use this vulnerability to modify the content of the database.
Quinsonnas Mail Checker 1.55 is affected by a remote file inclusion vulnerability. An attacker can exploit this vulnerability by sending a malicious URL in the 'op[footer_body]' parameter of the 'footer.php' script. This can allow the attacker to execute arbitrary code on the vulnerable system.
The vulnerability exists in the files server_request.php and smarty.inc.php, at lines 2 and 1 respectively. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to include a remote file containing arbitrary code, which can be executed on the vulnerable server.
The vulnerability exists in the ezmlm.php and update_translations.php files, which allow an attacker to include a remote file via the _SESSION[path] parameter.
A remote SQL injection vulnerability exists in the NukeC module, version 2.1, for PHP-Nuke. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the underlying database server via the 'id_catg' parameter in the 'modules.php' script.
OSSIM is a free implementation of a Security Information Management (SIM) system, equipped with many useful security tools (nessus, snort, p0f, ntop, ...) managed from an easy-to-use web panel. The bug exists in the portname parameter of modifyportform.php, which allows an attacker to obtain the hashed administrator password when the user has rights to do port modification in the 'PORTS' tab. Quotes in OSSIM aren't properly sanitized, allowing an attacker to execute XSS without logging in to OSSIM.
news.php?id=-3+union+select+1,concat_ws(0x3a,username,password),3,4+from+users
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to the 'modules.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can allow the attacker to steal sensitive information, modify data, deface the website, etc.
A remote SQL injection vulnerability exists in PHP-NUKE Modules Manuales v0.1. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the underlying database.