The vulnerability allows a remote attacker to gain access to the membership database of the Codefixer Membership script system. The vulnerability exists due to the lack of authentication for the members.mdb file. A remote attacker can send a request to the vulnerable script and gain access to the membership database.
The vulnerability is caused due to an improper check in “repository_attachment.php” script, allowing the upload of files with arbitrary extensions to a folder inside the Webroot. This can be exploited to e.g. execute arbitrary PHP code by uploading a specially crafted PHP script containing some kind of Web Shell. Also, using path traversal technique, an attacker can change the original destination path.
OSSIM is prone to a remote command execution vulnerability because the software fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected software and possibly the computer running OSSIM.
A vulnerability has been discovered in OSSIM, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id_document" parameter to repository_attachment.php is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
iSupport version 1.8 is vulnerable to Cross-Site Scripting (XSS) and Local File Inclusion (LFI) attacks. An attacker can inject malicious JavaScript code into the vulnerable parameters of the application, which will be executed in the browser of the victim. An attacker can also exploit the LFI vulnerability to read sensitive files from the server.
We can use the following exploit to change users email and then go to 'forget your password' form and it will send us password on the email. We can upload a shell to the server using the following exploit. We can use the following exploit to change admin password and send email to subscribers. We can use the following exploit to inject malicious code into the application. We can use the following exploit to inject malicious code into the application.
JM CMS 1.0 is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted username parameter in the login form. By supplying a username parameter of 'admin' or 1=1--, an attacker can bypass authentication and gain access to the administrative panel.
Monkey HTTP Daemon is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Versions prior to Monkey HTTP Daemon 0.9.3 are vulnerable. A python script is available to exploit this vulnerability.
Many fields are not properly sanitised and some checks can be bypassed. All fields that were tested are vulnerable to Blind SQL Injection. An attacker may try to exploit this vulnerability using the full path disclosure released by the MySQL error to write a file into the remote file system, using as destination path the gallery directories, where the permissions must be setted to 777. When we want to write a module to upload a file, we must check the file extension. The application doesn't check the file extension, so an attacker can upload a malicious file with a double extension like .php.jpg. The application also doesn't check the file extension, so an attacker can upload a malicious file with a double extension like .php.jpg.
A vulnerability exists in SitePal v1.1 which allows an attacker to bypass authentication and gain access to the application. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a username of 'admin' and a password of 'X' or '1=1--' to the server/SitePalDemo/z_admin_login.asp page.