There are two vulnerabilities in the phpEventCalendar v.0.2.3 script. The first vulnerability is a classic MySQL injection in the /eventdisplay.php file on lines 12-14. The second vulnerability is a blind MySQL injection in the /eventform.php file on lines 17-23. The provided exploit URL demonstrates the first vulnerability by performing a union select to retrieve user information from the pec_users table.
A remote authentication bypass vulnerability affects the TRENDnet TE100-P1U Print Server. This issue is due to a failure of the application to validate authentication credentials when processing print server configuration change requests. An attacker could reset the print server to factory settings or change its IP address without a password security check.
Flyspray is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to a lack of proper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other attacks.
This exploit is a proof of concept denial of service attack on Novell BorderManager Enterprise Edition 3.5. The attacker sends a specially crafted packet to the target system, causing it to crash or become unresponsive. This exploit is for educational purposes only and should not be used maliciously.
vCard is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
The RSA ACE Agent is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
A remote SQL injection vulnerability has been discovered in ipbProArcade. The vulnerability is caused by the lack of proper sanitization of user-supplied input in the 'gameid' parameter. An attacker can exploit this vulnerability to manipulate SQL query strings and potentially execute arbitrary database queries. This could lead to the disclosure or corruption of sensitive database information.
An SQL injection vulnerability exists in Basic Analysis And Security Engine due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The vulnerability exists due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the affected application. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The vulnerabilities exist due to a failure in phpMyAdmin to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities by injecting arbitrary script code through specially crafted URLs, leading to the execution of malicious scripts in the context of the affected site. This can result in the theft of authentication credentials and other attacks.