A Better Member-Based ASP Photo Gallery is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can allow the attacker to access the database and gain access to sensitive information such as usernames and passwords.
BusinessSpace version 1.2 and prior is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries and compromise the application, disclose or modify sensitive data, or exploit latent vulnerabilities in the underlying database.
FeedDemon version 2.7.0.0 is prone to a buffer overflow vulnerability when importing a specially crafted OPML file. This could allow an attacker to execute arbitrary code in the context of the application. This vulnerability is due to a boundary error when the application handles the 'text' parameter of an OPML file. An attacker can exploit this vulnerability by enticing a legitimate user to import a malicious OPML file.
The vulnerability exists due to insecure handling of the $_COOKIE["cms_admin"] variable in the admin/index.php script near line 67. A remote attacker can gain access to the admin panel by setting the cms_admin cookie to a valid value.
Netgear VPN router SSL312 is proune to a remote DoS condition which can get triggered if somebody has access to the webinterface of the VPN router. The problem is related to a propietary CGI binary and makes is impossible for users to patch the router. If you modify the URL as below and resend your http request the device will crash and reboot.
This exploit is used to gain access to the IF-CMS 2.0 system by exploiting a blind SQL injection vulnerability. The exploit uses a benchmarking technique to determine the correct password character by character. The exploit is written in PHP and requires the hostname, path, and username of the target system.
A vulnerability in Traidnt UP Version 1.0. allows an attacker to upload malicious files to the server. The attacker can upload a malicious file with a .php.gif or .php.jpg extension, which will be executed as a PHP script.
A Remote File Include (RFI) vulnerability exists in phpyabs 0.1.2. An attacker can exploit this vulnerability to include a remote file containing malicious code, resulting in arbitrary code execution on the vulnerable system.
SilverNews 2.04 is vulnerable to authentication bypass, local file inclusion and remote code execution. An attacker can bypass the authentication by providing username as ' or '1=1 and password as x0r. An attacker can also perform local file inclusion by providing the path of the file in the section parameter of the admin.php file. An attacker can also perform remote code execution by providing malicious code in the show_cat_prefix parameter of the settings.php file.
This exploit allows an attacker to execute arbitrary code on a vulnerable system. It is based on a vulnerability in 1024 CMS version 1.4.4, which allows an attacker to inject malicious code into the application via a Remote File Inclusion (RFI) attack. The malicious code is then executed on the vulnerable system.
Services By CQR