freePHPgallery 0.6 contains a local file inclusion vulnerability in the files index.php, comment.php and show.php. By setting the lang cookie value to a directory traversal sequence (../../../../ etc.), an attacker can gain access to local files.
A local file inclusion vulnerability exists in scribe 0.2. An attacker can exploit this vulnerability to include a file from the local host that is outside of the web root directory. This can be exploited by sending a specially crafted HTTP request containing directory traversal sequences and a URL-encoded null byte (%00) to the vulnerable script. This can allow an attacker to view sensitive files on the remote host.
A buffer overflow vulnerability exists in Rosoft Media Player 4.1.8 when processing specially crafted .M3U files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
This exploit is a Perl script that can be used to exploit a blind SQL injection vulnerability in Joomla's com_mediaslide component. It uses the LWP::UserAgent and LWP::Simple modules to send HTTP requests and the Digest::MD5 module to generate MD5 hashes. The script takes the host, path, column, table, and regex as arguments and then iterates through the ASCII characters from 48 to 90 to find the correct one. It then checks if the vulnerability is present by comparing the MD5 hashes of two HTTP requests.
An attacker can exploit this vulnerability by adding malicious code to the 'tid' parameter in the URL. This malicious code can be used to extract the username and password of the users from the database.
An attacker can see the username and password of a Joomla website by exploiting a SQL injection vulnerability in the com_mcquiz component. The attacker can use the following two exploits to achieve this: 1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),concat(username,0x3a,password),0x3a/**/from/**/jos_users/* and 1/**/union/**/select/**/0,concat(username,0x3a,password),concat(username,0x3a,password)/**/from/**/mos_users/*
A SQL injection vulnerability exists in the com_paxxgallery component of Joomla. An attacker can exploit this vulnerability to inject malicious SQL queries into the application, allowing them to gain access to sensitive information stored in the database. This vulnerability can be exploited by sending a specially crafted HTTP request containing malicious SQL queries to the vulnerable application.
The artmedic weblog contains multiple local file inclusion vulnerabilities. An attacker can exploit them by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable web application. This can allow the attacker to view sensitive files on the server, such as the /etc/passwd file.
A vulnerability exists in Nuboard_v0.5 which allows an attacker to inject arbitrary SQL commands. This can be exploited to gain access to the database and potentially to sensitive information. The vulnerability is due to insufficient sanitization of user-supplied input to the 'ssid' parameter in the 'threads.php' script. An attacker can exploit this vulnerability by sending a specially crafted URL containing a SQL query to the vulnerable script.
A remote attacker can exploit a SQL injection vulnerability in Affiliate Market Ver.0.1 BETA to gain access to the database. An XSS vulnerability can also be exploited to inject malicious JavaScript code into the application.