
Explore Vulnerabilities


Explore all Exploits:

Demium CMS Multiple Remote Vulnerabilities

Demium CMS version 0.2.1 Beta is prone to multiple remote vulnerabilities because of insufficient security controls. The authority bypass via SQL injection can be exploited by putting 'admin_user' or '1=1' in the username form. The remote SQL injection can be exploited by putting '1'' in the URL.

Irokez Blog BLIND SQL-INJECTION, INCLUDE, ACTIVE XSS

A blind SQL injection vulnerability was discovered in Irokez Blog. The application does not properly sanitize user-supplied input before using it in an SQL query, so an attacker can send a maliciously crafted HTTP request to manipulate SQL queries by injecting arbitrary SQL code. The application also has an include vulnerability: it does not properly sanitize user-supplied input before using it in an include statement, which a maliciously crafted HTTP request can exploit to include arbitrary files from local or external resources. An active XSS vulnerability was also discovered: the application does not properly sanitize user-supplied input before using it in HTML output, which a maliciously crafted HTTP request can exploit to execute arbitrary HTML and script code in a user's browser session in the context of the affected site.

Hex Workshop <= v6 (.hex) File Local Code Execution

Hex Workshop has a local code execution vulnerability. An attacker can exploit it by creating a specially crafted .hex file and importing it into Hex Workshop, which causes the application to execute arbitrary code on the system.

SkyPortal Downloads Manager v1.1

SkyPortal Downloads Manager v1.1 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries and gain access to unauthorized information. This may lead to the disclosure of sensitive information, the manipulation of data, or the unauthorized execution of arbitrary code.

BannerManager v0.81 SQL Injection Vulnerability

BannerManager v0.81 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials, or to execute arbitrary code on the server.

Coppermine Photo Gallery <= 1.4.20 (BBCode IMG) Privilege Escalation PoC

A vulnerability exists in Coppermine Photo Gallery version 1.4.20 and prior that allows an attacker to inject malicious code into a BBCode IMG tag. This can be used to escalate privileges when an administrator visits the page.

Newsletter Manager Plus.Attach

An SQL injection vulnerability exists in Newsletter Manager Plus.Attach, which allows an attacker to gain access to the administrative panel. By sending a specially crafted HTTP request, an attacker can inject arbitrary SQL code into the application. This can be used to bypass authentication and gain access to the administrative panel.

SkyPortal WebLinks v0.12 Multiple Vulnerabilities

SkyPortal WebLinks v0.12 is prone to multiple vulnerabilities, including SQL injection and cross-site scripting. An attacker can exploit these issues to manipulate SQL queries, steal cookie-based authentication credentials, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, and perform other attacks.

Recent Exploits: