A SQL injection vulnerability exists in XOOPS Module eEmpregos. An attacker can exploit this vulnerability to inject malicious SQL commands via the 'cid' parameter in the 'index.php' script. This can be exploited to disclose the username and password of the administrator.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'cid' parameter to the '/index.php' script. A remote attacker can execute arbitrary SQL commands in the application's database and gain access to sensitive information. An example of a vulnerable URL is 'XXXXMyAnnonces/index.php?pa=view&cid=[EXPLOiT]'. An attacker can exploit this vulnerability by sending a specially crafted request with malicious SQL code in the 'cid' parameter.
A vulnerability in the PHP-Nuke module EasyContent allows remote attackers to inject arbitrary SQL commands via the page_id parameter in a modules.php request. This can be exploited to gain access to the database and potentially gain administrative access to the application.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable parameter in the HTTP request. This can allow an attacker to gain access to sensitive information stored in the database.
The Xorg file disclosure vulnerability (CVE-2007-5958) is a flaw in the Xorg server that allows an attacker to determine whether a file exists on the system. It affects Xorg server versions <= 1.1.1-48.13. The exploit is a shell script that starts a second X server and then checks for the existence of the file specified in the argument. If the file exists, it prints "*** FILE $1 EXIST !! ***"; otherwise it prints "*** FILE $1 DOES NOT EXIST !! ***".
This exploit crashes the iPhoto DPAP (Digital Photo Access Protocol) Server on iPhoto 4.0.3. The server exits cleanly but it does not restart. The exploit sends a malformed GET request to the server, which causes it to crash. The loop is unnecessary but it does the job.
The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'name' parameter of the '/usr/usrgetform.html' script. A remote attacker can include arbitrary files from local resources and execute arbitrary PHP code on the vulnerable system.
sCssBoard is vulnerable to SQL injection due to improper sanitization of user-supplied input in the 'functions/post.php' file. An attacker can inject malicious SQL queries into the 'posts_main', 'posts_topic', 'posts_name', 'posts_body', 'posts_starter', 'posts_posted', and 'posts_forum' parameters of the 'insert into' statement, allowing them to execute arbitrary SQL commands on the underlying database.
A SQL injection vulnerability exists in the XOOPS Module myTopics-print, which allows an attacker to execute arbitrary SQL commands via the 'articleid' parameter in the 'print.php' script.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'cid' parameter to the '/modules.php' script. A remote attacker can execute arbitrary SQL commands in the application's database and gain access to sensitive information. Successful exploitation requires that 'magic_quotes_gpc' is disabled.