Eshopbuilder is a E-shop CMS written in persian language. The Eshopbuilder product is vulnerable to SQL injection. Injection "/home-f.asp","/opinions-f.asp" in "sitebid" parameter. Injection "/more-f.asp" in "sitebid" ,"id","secText","client-ip" and "G_id" parameters. Injection "/selectintro.asp" in "sitebid" ,"id","ma_id","mi_id","secText","client-ip" and "G_id" parameters. Injection "/advcount.asp" in "sitebid","secText","adv_code" and "client-ip" parameters. Injection "/advv.asp" in "sitebid","secText","adv_code" and "client-ip" parameters.
A SQL injection vulnerability exists in the Joomla Component Quick News. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.
A SQL injection vulnerability exists in Joomla Component MusicGallery, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in a 'index.php?option=com_musicgallery&task=itempage' request.
AdaptCMS Lite is a PHP CMS that is made for complete control of your website, easiness of use and easily adaptable to any type of website. It is vulnerable to a Remote File Inclusion vulnerability due to a lack of sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, which can lead to arbitrary code execution.
SugarCRM is prone to multiple remote vulnerabilities, including multiple SQL-injection vulnerabilities, multiple unauthorized access vulnerabilities, a remote file-include vulnerability, and a remote code-execution vulnerability. Exploiting these issues could allow an attacker to gain unauthorized access to the affected application, gain access to sensitive information, execute arbitrary PHP code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks are also possible. An attacker can exploit these issues through a browser.
Micronet SP1910 Network Access Controller is vulnerable to XSS and HTML code injection attacks. An attacker can inject malicious code into the UI of the controller, which can be used to steal user credentials and disconnect them from the network.
SweetRice version 0.5.0 and below is vulnerable to a Remote File Include vulnerability. This vulnerability exists in the file ./sweetrice/_plugin/subscriber/inc/post.php (line 2). An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the root_dir parameter. This will allow the attacker to include a remote file containing malicious code which will be executed on the vulnerable server.
This exploit allows an attacker to inject malicious SQL code into the 'catid' parameter of the classified.php page. This can be used to gain access to the database and potentially gain access to sensitive information.
MuPDF before commit 20091125231942 did not properly handle /Decode arrays in a shading of type 4 to 7, leading to a stack-based buffer overflow. Although SumatraPDF is compiled with /GS, for some reason Visual Studio 2008 failed to flag the vulnerable function. Thus, exploitation is not particularly difficult, although there are a few tricks: Care must be taken not to overwrite the obj pointer on the stack, as it would lead to a crash. Fortunately, the i variable is overwritten first, so one can simply increment it to skip obj. The overwritten array handles a bunch of floating point values. So all hexadecimal values (such as the overwritten eip) must be converted into a floting point value, but not using scientific notation because the MuPDf parser cannot handle it. For example, 0x33 will be encoded as 0.000000000000000000000000000000000000000000071. All 32-bit chunks of the shellcode need to have a valid floating point counterpart: no value must correspond to an IEEE 754 “NaN” (not a number) or “Inf” (infinity).
This exploit causes denial of service on any host that runs PHP via temporary file exhaustion. It doesn't matter whether the script handles uploads or not. If host runs PHP, it is enough to cause DoS using any PHP script it serves.
Services By CQR