AJchat is vulnerable to a remote SQL injection attack due to an unset() bug. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. This vulnerability affects AJchat versions prior to 2.0.
vcart version 3.3.2 is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
A remote SQL injection vulnerability exists in DomPHP v0.81. An attacker can exploit this vulnerability to inject arbitrary SQL commands in the application by sending a specially crafted HTTP request to the vulnerable application. This can allow an attacker to gain access to sensitive information stored in the back-end database.
Hive v2.0 RC2 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a malicious SQL query to the application. This can allow the attacker to gain access to sensitive information stored in the database.
iGaming cms version 1.3.1 and below is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
Evilsentinel is vulnerable to an admin bypass, a captcha bypass, and spamming/anonymous mailing. The admin bypass is due to the lack of an authentication check in the admin/index.php file. The captcha bypass is due to the lack of a call to the captcha.php file and the lack of a post variable named 'es_security_captcha'. The spamming/anonymous mailing is due to the ability to set a new mail for the admin in the ACP and then attack the site with specially forged HTTP_USER_AGENT headers to send a mail with the text you want.
DomPHP v0.81 is vulnerable to a remote file inclusion vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The request contains a crafted URL that passes a malicious file as a parameter. The malicious file is then included and executed on the vulnerable server.
MTCMS version 2.0 and below is vulnerable to SQL injection. An attacker can inject malicious SQL queries via the 'a' and 'cid' parameters in the 'patch' and 'downloads' pages respectively. This can be exploited to gain access to the admin credentials and other sensitive information.
This exploit crashes the kernel of SunOS 5.10 by sending a malicious ICMP packet. It seems to work only when the attack is launched from the same network segment, maybe because of firewalls/routers in place. This is the issue described in BID 22323.
This exploit allows an attacker to add an administrator to a DomPHP CMS website. The exploit works by sending a POST request with specially crafted form data to the admin/index.php page. The form data contains the login, password, email, and level of the new administrator. If successful, the exploit will return a Location header with the URL of the newly added administrator.