A vulnerability exists in the eZine component v2.1 of Joomla / Mambo which allows an attacker to include a remote file via the GLOBALS[mosConfig_absolute_path] parameter in the d4m_ajax_pagenav.php script. This can be exploited to execute arbitrary PHP code by including a malicious file from a remote location.
The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'id' parameter in 'item' and 'sections' scripts. A remote attacker can execute arbitrary SQL commands in application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.
A remotely exploitable vulnerability was found in the database server core component used by NNM. Exploitation of the bug does not require authentication and will lead to a remotely triggered denial of service of the internal database service.
The Baby Web Server 2.7.2 is vulnerable to a Denial of Service attack. The vulnerability lies in the server's inability to handle a large number of requests. An attacker can send a large number of requests to the server, causing it to crash.
Xerver 4.31 and 4.32 are vulnerable to HTTP Response Splitting attacks. An attacker can inject malicious content into the response header by sending a specially crafted HTTP request. This can be used to perform various attacks such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). The proof of concept for this vulnerability is a specially crafted HTTP request containing a malicious payload in the response header.
phpMyBackupPro is vulnerable to Arbitrary File Download. The parameter 'view' is not properly sanitized which results in Arbitrary file download. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable page 'get_file.php' with the parameter 'view' set to the path of the file to be downloaded.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'names' and 'shouts' parameters to the '/Shoutbox/index.php' script. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
ActiveBids (default.asp) is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials and other confidential data. The vulnerability can be exploited by sending a specially crafted URL to the vulnerable application. The URL contains a malicious SQL query that can be used to extract data from the database.
Active Trade 2.0 is vulnerable to Blind SQL Injection. An attacker can inject malicious SQL queries into the vulnerable parameter 'catid' in the default.asp page. This can be exploited to gain access to the database and potentially gain access to sensitive information.
TelebidauctionScript is vulnerable to Blind SQL Injection. An attacker can inject malicious SQL queries into the 'aid' parameter of the 'allauctions.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The attacker can use the 'bsqlbf' tool to write detailed information.