Chipmunk Blog is vulnerable to an authentication bypass vulnerability. An attacker can exploit this vulnerability to gain administrative access to the application. This is due to the application not properly sanitizing user-supplied input to the 'username' and 'password' parameters in the 'reguser.php' and 'authenticate.php' scripts. An attacker can exploit this vulnerability by supplying a specially crafted 'username' and 'password' parameters when authenticating to the application.
The GameScript 4.6 web application is vulnerable to XSS, SQL Injection and Local File Include attacks. An attacker can inject malicious JavaScript code into the search parameter of the /games.php page, inject malicious SQL code into the user parameter of the /page.php page, and include a malicious file into the file_to_include parameter of the /page.php page.
This exploit allows an attacker to gain access to the password of a user in the Community CMS <= 0.4 by exploiting a blind SQL injection vulnerability.
A buffer overflow vulnerability exists in Zinf Audio Player 2.2.1 when handling a specially crafted gqmpeg file. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
A heap overflow vulnerability exists in Zinf Audio Player 2.2.1 when processing a specially crafted M3U file. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. The vulnerability is caused due to a boundary error within the processing of the M3U file. This can be exploited to cause a stack-based buffer overflow by passing an overly long string to the affected application.
Zinf Audio Player 2.2.1 is vulnerable to a buffer overflow vulnerability when processing a specially crafted PLS file. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This exploit was tested in Windows Pro SP 2 (French).
A buffer overflow vulnerability exists in Zinf Audio Player 2.2.1 when processing a specially crafted PLS file. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
Pixie CMS has Multiple Local File Include vulnerabilities. Input parameters is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources. Successful exploitation requires that "register_globals" is enabled.
This bug allows a guest to view username and password (md5) of a registered user with the specified id (usually 1 for the admin) by using the following URL: http://www.site.com/path/show_post.php?id=-1'+UNION+ALL+SELECT+1,concat('username: ', username),concat('password: ', password),4,5,6,7+FROM+users+WHERE+id=1%23
A vulnerability in Flax Article Manager 1.1 allows an attacker to upload a malicious file to the server. An attacker can register on the site, choose a malicious file as their avatar, and the malicious file will be uploaded to the server. The malicious file can then be accessed by going to the profile page of the attacker and right-clicking on the avatar to view the properties. The malicious file can then be accessed by going to the URL of the malicious file.
Services By CQR