
Explore Vulnerabilities


Explore all Exploits:

Super Mod System 3.1 5 SQL Injection Vulnerability

A SQL injection vulnerability exists in Super Mod System 3.1 5, which allows an attacker to execute arbitrary SQL commands via the 'sb_id' parameter in the 'popup.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL code. An example of such a request is: http://www.classified-software.co.uk/super-mod-system-v3/index.php?s=3+and+1=0+union+all+select+1,2,3,4,5--

PHP Paid 4 Mail Script File Inclusion vuln

A vulnerability in the PHP Paid 4 Mail Script allows attackers to include arbitrary files from remote locations by manipulating the 'page' parameter in the 'home.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a URL in the 'page' parameter, which can lead to the execution of arbitrary code.

iWiccle 1.01 (LFI/SQL) Multiple Remote Vulnerabilities

iWiccle 1.01 is vulnerable to both Local File Inclusion and SQL Injection. An attacker can exploit these vulnerabilities by sending crafted requests to the application. For Local File Inclusion, an attacker can send a crafted request to the application with a malicious file path in the ‘module’ parameter. For SQL Injection, an attacker can send a crafted request to the application with a malicious SQL query in the ‘member_id’ parameter.

SQL Injection in VS PANEL v.7.5.5

A SQL injection vulnerability exists in VS PANEL v.7.5.5, which allows an attacker to execute arbitrary SQL commands via the 'Cat_ID' parameter in the 'results.php' script. The vulnerability is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability to gain access to the application database, disclose sensitive information, modify data, and compromise the application and the underlying system.

ISC DHCP dhclient < 3.1.2p1 Remote Exploit

Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.

URA 3.0 (cat) remote SQL injection Vulnerability

A vulnerability exists in URA 3.0 (cat) due to improper sanitization of user-supplied input in the 'cat' parameter of the 'rss.php' script. An attacker can exploit this vulnerability to inject arbitrary SQL commands and gain access to sensitive information from the database.

GarageSales Script Multiple Remote Vulnerabilities

GarageSales Script is vulnerable to multiple remote vulnerabilities, including SQL Injection and Blind SQL Injection. An attacker can exploit these vulnerabilities to gain access to sensitive information, such as usernames and passwords, from the application's database. The vulnerable URL is http://www.garagesalesjunkie.com/tryit/visitor/view.php?key=null+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26-- for SQL Injection and http://www.garagesalesjunkie.com/tryit/visitor/view.php?key=null+union+select+1,2,(select+concat(username,0x3a,password)+from+admin_users+limit+0,1),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26-- for Blind SQL Injection.

Xoops Celepar Module Qas (bSQL/XSS) Multiple Remote Vulnerabilities

A Blind SQL Injection vulnerability exists in Xoops Celepar Module Qas, which allows an attacker to execute arbitrary SQL commands on the vulnerable system. This vulnerability is due to the improper sanitization of user-supplied input in the 'cod_categoria' and 'codigo' parameters of the 'categoria.php', 'imprimir.php' and 'aviso.php' scripts. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable server. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information stored in the database, as well as the execution of arbitrary SQL commands on the vulnerable system.

Recent Exploits: