Explore Vulnerabilities

Explore all Exploits:

ThE g0bL!N Messages Library 2.0 Remote Add Administrator Account

A vulnerability exists in ThE g0bL!N Messages Library 2.0 which allows an attacker to remotely add an administrator account. This is due to a lack of authentication when adding an administrator account. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable application. This will allow the attacker to add an administrator account with the credentials of their choice.

PunBB VoteForUs.php OUT Mod <= v1.0.1 Remote Blind SQL Injection Exploit

This exploit targets a remote blind SQL injection vulnerability in PunBB VoteForUs.php OUT Mod <= v1.0.1. It allows an attacker to extract the password hash of a user from the database. The exploit works by sending a series of requests to the vulnerable application and measuring the response time. If the response time is greater than 6 seconds, the tested condition is true and the character is extracted from the hash. The exploit is coded in Perl and uses the LWP::UserAgent module.

TSEP <=0.942.02 Vulnerabilities

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'deleteRank' and 'percent' parameters of the '/admin/rankform.php' script. A remote attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable script and execute arbitrary SQL commands in the application's database. This applies to both the blind SQL injection and the SQL injection; the latter can be used to extract the admin name and password.

[0-Day] MDPRO CWGuestBook <= v2.1 Mod Remote SQL Injection By Dante90

MDPRO CWGuestBook is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL queries.

PunBB Affiliations.php OUT Mod <= v1.1 Remote Blind SQL Injection Exploit

This exploit targets a remote blind SQL injection vulnerability in PunBB Affiliations.php OUT Mod <= v1.1. It allows an attacker to extract the password hash of a user from the database. The exploit works by sending a series of requests to the vulnerable website, each of which contains a different SQL query. The response time of the website is then used to determine the value of the next character in the password hash.

WordPress Plugin Related Sites 2.1 BlindSQLinj Vuln

A Blind SQL Injection vulnerability exists in WordPress Plugin Related Sites 2.1. An attacker can exploit this vulnerability by sending a specially crafted POST request to the vulnerable BTE_RW_webajax.php script. The POST request contains a malicious SQL query in the 'guid' parameter which can be used to extract sensitive information from the database.

phpMyBlockchecker 1.0.0055 Insecure Cookie Handling Vulnerability

The vulnerability exists due to insufficient validation of user-supplied input in the 'admin.php' script. A remote attacker can send a specially crafted HTTP request with a malicious cookie value to gain administrative access to the application.

LFI

A vulnerability in BIGACE 2.6 allows an attacker to read arbitrary files on the server by using a Local File Inclusion (LFI) attack. This is done by sending a specially crafted HTTP request to the vulnerable server. The vulnerable parameter is the ‘cmd’ parameter in the ‘public/index.php’ script. By sending a request with a maliciously crafted ‘cmd’ parameter, an attacker can read arbitrary files on the server.

DM FileManager 3.9.4 Remote File Disclosure Vulnerability

A vulnerability in DM FileManager 3.9.4 allows an attacker to remotely download any file from the server. This is due to the lack of proper validation of the 'file' parameter in the 'dm-albums.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server.

Recent Exploits: