Logoshows BBS 2.0 is vulnerable to an authentication bypass vulnerability due to a SQL injection flaw. An attacker can exploit this vulnerability by supplying a specially crafted username and password to the login page. This will allow the attacker to bypass authentication and gain access to the application.
IsolSoft Support Center 2.5 is vulnerable to Remote File Inclusion (RFI), Local File Inclusion (LFI) and Cross-Site Scripting (XSS). The vulnerable code is present in the ‘lang’ parameter of the ‘newticket.php’, ‘index.php’ and ‘rempass.php’ files. An attacker can exploit this vulnerability by sending a maliciously crafted URL to the target server. For XSS, the attacker can send a malicious JavaScript code in the ‘lang’ parameter of the ‘newticket.php’ file. For RFI and LFI, the attacker can send a malicious file path in the ‘lang’ parameter of the ‘index.php’, ‘newticket.php’ and ‘rempass.php’ files.
Facil Helpdesk is vulnerable to multiple vulnerabilities, including Remote File Inclusion (RFI), Local File Inclusion (LFI) and Cross-Site Scripting (XSS). The vulnerable code is located in the kbase.php and index.php files. An attacker can exploit the RFI/LFI vulnerability by sending a malicious URL to the application, which can be used to execute arbitrary code on the server. The XSS vulnerability can be exploited by sending a malicious script to the application, which can be used to steal user cookies.
An authentication bypass vulnerability exists in PHPCityPortal. An attacker can exploit this vulnerability to bypass authentication by entering 'or' as the username and password. This will allow the attacker to gain access to the application.
This exploit allows an attacker to bypass authentication and gain access to the Arab Portal v2.2 application. It is done by exploiting a blind SQL injection vulnerability in the application. The attacker can also gather information from the database such as database name, user, password, table prefix, table names, column names, and data.
FoxPlayer 1.1.0 is vulnerable to a local stack overflow vulnerability. The vulnerability is caused due to a boundary error when handling specially crafted .m3u files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted .m3u file. Successful exploitation may allow execution of arbitrary code.
This exploit is for a local stack overflow vulnerability in iRehearse. The vulnerability is triggered when a specially crafted m3u file is opened. The file contains a header of 'MILW0RM' followed by 40 'A' characters, which causes a stack overflow. This exploit was discovered by opt!x hacker and the proof of concept can be downloaded from http://rjvmedia.co.uk/software/iRehearseTrial.zip.
Typing Pal version 1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
The vulnerability exists due to insufficient filtration of user-supplied input passed via the 'forumid' parameter to '/globepersonnel_forum.asp' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can be exploited to bypass authentication and gain access to the application with administrative privileges.
Banner Exchange Script 1.0 is vulnerable to a blind SQL injection vulnerability. This vulnerability is due to a failure in the application to properly sanitize user-supplied input to the 'targetid' parameter of the 'click.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the back-end database, resulting in the manipulation or disclosure of arbitrary data. This can be exploited to bypass authentication and gain administrative access.
Services By CQR