A vulnerability exists in freejokesscript = 1.0 (joke-archives.php) which allows an attacker to inject malicious SQL commands and bypass the admin authentication. The vulnerability is due to insufficient sanitization of user-supplied input in the 'cat_name' and 'cat_id' parameters of the 'joke-archives.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. Successful exploitation could result in unauthorized access to the application, disclosure of sensitive information, and other attacks.
A vulnerability exists in PHP Krazy Image Host Script 1.01 due to improper sanitization of user-supplied input in the 'id' parameter of the 'viewer.php' script. An attacker can exploit this vulnerability to inject arbitrary SQL commands and gain access to the application database, resulting in the disclosure of sensitive information.
A remote exploit was discovered in InselPhoto v1.1 which allows an attacker to extract admin credentials and disclose files via SQL injection. The vulnerable file is /[path]/search.php, line 37. The SQL injection payloads used by this exploit are [1] ' union select 0,0,concat(username,0x3a,password),0,0,0,0,0 from inselphoto_users# and [2] ' union select 0,0,load_file('lf'),0,0,0,0,0#.
A SQL injection vulnerability exists in Scripts Den Dating Demo V9.01 (searchmatch.php) which allows an attacker to execute arbitrary SQL commands on the vulnerable system. By sending a specially crafted HTTP request to the vulnerable application, an attacker can execute arbitrary SQL commands on the underlying database. This can be used to bypass authentication and to access, modify, and delete data within the database.
Dacio's PHP scripts CMS version 1.08 is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
A directory traversal vulnerability exists in Geovision Digital Video Surveillance System (geohttpserver) version 8.2, which allows an attacker to access arbitrary files on the system. This is achieved by sending a specially crafted HTTP request containing directory traversal sequences such as '../' to the vulnerable server.
Three bugged files are reported: an insecure cookie handling vulnerability exists in /[path]/admin.php, a SQL injection vulnerability exists in /[path]/view.php, and an XSS vulnerability also exists in /[path]/view.php.
A vulnerability in SkaDate Dating allows an attacker to upload a malicious shell to the server. The attacker can then use the shell to execute arbitrary commands on the server. The vulnerability exists due to insufficient validation of the uploaded file type. An attacker can exploit this vulnerability by uploading a malicious PHP file with a double extension such as “shell.php.jpg”. The malicious file will be uploaded to the server and can be accessed via a web browser.
This exploit is used to gain access to the content of a file on a TYPO3 server. It works by sending a request to the server with a jumpurl parameter set to the file to be accessed, a type parameter set to 0, a juSecure parameter set to 1, and a locationData parameter set to 1:. The server then responds with a juHash parameter which is used to access the content of the file. The exploit is used to gain access to the typo3conf/localconf.php file.
The vulnerability is caused by improper handling of the '%' character in ProFTPD's SQL authentication. This leads to an SQL injection during login, allowing an attacker to bypass authentication and gain access to the system.