Explore Vulnerabilities

Explore all Exploits:

PHP Inventory v1.2 Remote (Auth Bypass) SQL Injection Vulnerability

The app is riddled with SQL injection flaws. For example, an attacker can send the application a URL carrying a crafted SQL injection payload, such as ' or 1=1--, to bypass authentication and gain access to the application. An attacker can also perform reflected XSS attacks by sending a URL with a crafted script payload, such as '><script>alert(document.cookie)</script>.

Mamboleto Joomla! component Remote File Include Vulnerability

Mamboleto Joomla! component is vulnerable to a remote file inclusion vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'mosConfig_absolute_path' parameter of the 'mamboleto.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system.

Free ASP Upload Shell Upload Vulnerability

This vulnerability allows an attacker to upload a malicious ASP shell to a vulnerable web server. The attacker can then use the shell to execute arbitrary commands on the server. The vulnerability is caused by a lack of proper validation of the uploaded file, allowing an attacker to upload a malicious ASP shell.

Joomla Component com_jphoto SQL injection vulnerability – (id)

An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The malicious request contains an SQL query that is appended to the vulnerable parameter. This allows the attacker to execute arbitrary SQL commands on the underlying database.

Joomla Component com_jsjobs Multiple SQL injection vulnerability

A vulnerability exists in Joomla Component com_jsjobs which allows an attacker to inject malicious SQL queries via the 'vm' and 'vj' parameters in the 'index.php' script. An attacker can exploit this vulnerability to gain access to sensitive information from the database.

Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System

Multiple injection (both XSS and SQL) vulnerabilities have been discovered in TestLink, a widely used test-case management application written in PHP. One of the XSS vulnerabilities, discovered in its login screen, can be exploited without an authenticated session.

Recent Exploits: