A vulnerability exists in Videos Broadcast Yourself V2, which allows an attacker to inject arbitrary SQL commands via the 'UploadID' parameter in 'videoint.php'. This can be exploited to disclose sensitive information from the database, such as usernames, passwords, and email addresses. Additionally, the 'catvideo.php' and 'cviewchannels.php' scripts are also vulnerable to SQL injection.
Arcadem Pro 2.8 is vulnerable to Blind SQL Injection in the index.php article parameter. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
A vulnerability in the DreamPics Builder application allows an attacker to inject arbitrary SQL commands via the 'fuseaction' parameter in the 'index.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to gain access to the application with administrative privileges.
A Remote Code Execution vulnerability exists in Vtiger CRM version 5.0.4. An account on the CRM system is required to exploit it. The vulnerability resides in the "Compose Mail" section. The software permits sending email with attachments and offers a draft save feature. When this feature is requested and an attachment is specified, the "saveForwardAttachments" validation routine is called. This routine performs some security checks on uploaded files: it does blacklist extension checking, and if a bad extension is detected the file is not accepted. Multiple CSRF vulnerabilities exist in Vtiger CRM version 5.0.4. The following actions can be performed without user interaction: (1) create a new user, (2) delete a user, (3) change the password of a user, (4) change the user's access level. A Local File Inclusion vulnerability exists in Vtiger CRM version 5.0.4. The vulnerability resides in the "index.php" script. This script accepts a "module" parameter and includes the specified file. A Cross-Site Scripting vulnerability exists in Vtiger CRM version 5.0.4. The vulnerability resides in the "index.php" script. This script accepts a "module" parameter and includes the specified file.
TheGreenBow's tgbvpn.sys driver does not sanitize user-supplied input (IOCTL), which leads to a driver collapse that propagates to the system as a BSOD, with a potential risk of privilege escalation.
This exploit allows an attacker to gain access to the server by exploiting a Remote File Inclusion vulnerability in SPIP - Content Management System < 2.0.9. The attacker sends a series of requests to the server, which allows them to access the server and download the XML file containing sensitive information.
AJ Auction Pro OOPD 2.x is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the application's database and potentially to sensitive information such as usernames and passwords.
A buffer overflow vulnerability exists in HTML Email Creator & Sender v2.3 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted HTML file to the application, resulting in arbitrary code execution. The offset is at 60 bytes in the buffer, and code execution is possible. CPU registers EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI, and EIP are all controlled by the attacker.
BaBB 2.8 is affected by a full code injection vulnerability. This vulnerability allows an attacker to inject arbitrary code into the BaBB.php file. This can be exploited to execute arbitrary PHP code by sending a specially crafted HTTP request to the vulnerable script.
JRun Management Console is affected by a directory traversal vulnerability. Using the Management Console, an authenticated attacker can read any file on the server. An attacker can also exploit this issue using XSS.