A SQL injection vulnerability exists in the Password Protect script, which allows an attacker to gain access to the admin panel without authentication. The vulnerability is due to the improper sanitization of user-supplied input to the 'username' and 'password' parameters when logging in to the admin panel. An attacker can exploit this vulnerability by supplying a malicious SQL query as the value of the 'username' and 'password' parameters.
A SQL injection vulnerability exists in the Ware Support application. The vulnerability is due to insufficient input validation of the 'username' and 'password' parameters. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL commands to the vulnerable application, gaining access to the application and executing arbitrary SQL commands.
AJA 1.2 contains multiple local file inclusion vulnerabilities. They exist due to insufficient sanitization of user-supplied input to the 'currentlang' and 'module_name' parameters in the 'case.php' and 'FANCYNLOptions.php' scripts respectively. An attacker can exploit these vulnerabilities to include arbitrary local files, resulting in the disclosure of sensitive information and the execution of arbitrary code.
A vulnerability in Flatnux allows an attacker to inject an iframe into the Job field of a user profile. This iframe can be used to execute malicious JavaScript code in the context of the vulnerable website. The malicious code can be used to steal cookies and other sensitive information from the user's browser.
A vulnerability in SMA-DB v0.3.12 allows remote attackers to include arbitrary files via a URL in the _page_content parameter to theme/format.php, and execute arbitrary code via a URL in the _page_content parameter to startpage.php.
This PoC exploits a vulnerability in Google Chrome which allows remote attackers to execute arbitrary code via a crafted HTML document containing a chromehtml URI with a --renderer-path argument, which is not properly handled when the --no-sandbox argument is also used.
Spider Player 2.3.9.5 is vulnerable to a buffer overflow when a specially crafted .asx file is opened. The vulnerability is caused by a boundary error when handling the .asx file, which can be exploited to cause a stack-based buffer overflow by writing a large amount of data to the file.
eVision CMS versions 2.0 and prior are vulnerable to SQL injection. The vulnerability is due to insufficient sanitization of user-supplied input in the 'field', 'module' and 'id' parameters of the 'iframe.php' script. An attacker can exploit this vulnerability to gain access to the admin's hashed password by sending a specially crafted HTTP request to the vulnerable script.
A vulnerability exists in SkaLinks 1.5 which allows an attacker to bypass authentication and gain access to the admin panel. The vulnerability is due to the IsAdmin() function in the admin panel not properly sanitizing user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted cookie with the admin name set to '1' OR 1=1/*. This will bypass the authentication check and allow the attacker to gain access to the admin panel.
A Cross-Site Scripting (XSS) vulnerability was discovered in Orca-v.2.0.2. An attacker can exploit this vulnerability to inject malicious JavaScript code into the application. This code will be executed in the browser of the victim when the vulnerable page is accessed.