An attacker can bypass authentication by using the username and password of '1'or'1'='1' in the admins.php and preview.php pages of the Pre Job Board 1.0 software.
This exploit allows an attacker to create a new admin staff on the server by sending a maliciously crafted request. The request contains the name, username, password, email, and status of the new admin staff. The status is set to 'Active' by default.
The exploit allows an attacker to bypass authentication and add a user to the Basic php-events lister2 application. The attacker can access the add_user.php page and add a user with any credentials. After that, the attacker can access the login.php page and gain access to the application.
dblog is vulnerable to a remote database disclosure vulnerability. An attacker can access the dblog.mdb database located at http://localhost/path/mdb-database/dblog.mdb to gain access to sensitive information.
The Staging Webservice (normally found in "/sitecore modules/staging/ service/api.asmx") used for transmitting files between the Sitecore Master and Slave Server is vulnerable to authentication bypass and therefore files can be uploaded in arbitrary directories on the server, files can be downloaded from arbitrary directories on the server, directory listings of the whole server can be received and the webserver cache can be deleted. An attacker is able to upload a shell, delete the webserver cache and execute arbitrary code on the server.
Input passed to 'PHP_SELF' variable is not properly filtered before being returned to the user. This can be explotied to inject arbitrary HTML or to execute arbitrary script code in a user's browser session in context of an affected site. In order to successfully exploit this vulnerability the targeted user has to be logged as an administrator.
This vulnerability allows an attacker to upload a malicious shell to a vulnerable website running the PHP F1 webscripts. The attacker can use the Google Dork “Photo Album” “Powered by PHP F1” to find vulnerable websites. The attacker can then access the admin.php page and upload a malicious shell with the name shell.php.pjpeg. The attacker can then access the shell by going to the URL http://server/path/original/shell.php.pjpeg.
Cisco VPN SSL Clientless lets administrators define rules to specific targets within the private network that WebVPN users will be able to access. This specific targets are published using links in VPN SSL home page. These links (URL) are protected (obfuscated) using a ROT13 substitution and converting ASCII characters to hexadecimal. An user with a valid account and without “URL entry” can access any internal/external resource simply taken an URL, encrypt with ROT 13, convert ASCII characters to hexadecimal and appending this string to Cisco VPN SSL URL.
A multi Blind SQL Injection vulnerability was discovered in the Multi-lingual Application software of www.charon.co.uk. The vulnerability was discovered by ((R3d-D3v!L)) in December 2009. The vulnerable URL is http://server/multi_language/adminsection/products_update.asp?ProductID={Err0r}. The exploit is done by sending a malicious request with a true statement such as products_update.asp?ProductID=1 and 1=1 and a false statement such as products_update.asp?ProductID=1 and 1=2. The same exploit can be done on RegistrationResults.asp?Delete={JuPA} and content.asp?ContentID=((M2Z)).
A blind SQL injection vulnerability exists in the 'player.asp?player_id' parameter of the Texas Rankem software from www.clicktech.com. An attacker can send maliciously crafted requests to the vulnerable parameter to execute arbitrary SQL commands on the underlying database.