Explore Vulnerabilities

Explore all Exploits:

TekBase All-in-One 3.1 Multiple SQL Injection Vulnerabilities

TekBase All-in-One 3.1 is vulnerable to multiple SQL injection vulnerabilities. An attacker can exploit these vulnerabilities to gain access to sensitive information such as usernames and passwords. The first vulnerability can be exploited by an authenticated attacker with admin access. The second vulnerability can be exploited by an unauthenticated attacker with a valid user account. Both vulnerabilities are caused by improper sanitization of user-supplied input in the 'op' and 'y' parameters of the 'admin.php' and 'members.php' scripts respectively.

XOOPS <= 2.3.3 Remote Arbitrary File Retrieval

Nibble Security discovered a remote arbitrary file retrieval vulnerability in XOOPS version 2.3.3, which could be exploited to read system or XOOPS configuration files ("mainfile.php"). A vulnerable read_file() function can be found in "module_icon.php" under /xoops_lib/modules/protector/. Here an image icon is read and its full pathname is constructed using a user-controllable variable called "$mydirpath". If register_globals is enabled and magic_quotes_gpc is disabled, it is possible to control the content of the "$mydirpath" variable and inject an arbitrary filename (followed by a NULL byte (%00) to make the file_exists() function ignore the trailing "/module_icon.png"), resulting in disclosure of the file's contents.

Carom3D 5.06 Unicode Buffer Overrun/Denial Of Service Vulnerability

Carom 3D is an online multi-user billiard game created with special 3D graphic effects. The world-famous Korean game Carom3D suffers from a buffer overflow and a denial of service vulnerability. The buffer overflow is triggered at runtime when more than 218 bytes are appended as an argument; ~1000 bytes overwrite the SEH. The denial of service is triggered when a user creates a LAN game (credentials needed), creates a room and waits for other players to join the game. While the game is waiting (listening on port 28012), an attacker can use a simple HTTP GET/POST to lock up the GUI of the user who created the room, so that the user cannot start the game or even exit its GUI without forcing it to quit (X).

McAfee, Inc. 3.6.0.608 Policy Manager naPolicyManager.dll Arbitrary Data Write

The WriteTaskDataToIniFile method doesn't check whether it is being called from the application or by a malicious user. A remote attacker could craft an HTML page and overwrite arbitrary files on a system.

Joomla Component com_jumi (fileid) Blind SQL-injection Vulnerability

A vulnerability exists in Joomla Component com_jumi (fileid) which allows an attacker to perform a Blind SQL injection attack. An attacker can send a specially crafted HTTP request containing malicious SQL code to the vulnerable application in order to extract data from the database. The vulnerable parameter is the 'fileid' parameter which can be found in the URL. An example of a malicious URL is http://localHost/path/index.php?option=com_jumi&fileid=n<Sql Code>. The malicious SQL code can be used to extract data from the database such as usernames and passwords.

The Recipe Script version 5 Cookie Grabber Exploit

The Recipe Script version 5 is vulnerable to a cookie grabber exploit. An attacker can register on the site with a malicious JavaScript code in the first name field. This code will redirect the user to a malicious URL with the user's cookie. The malicious URL can be hosted on the attacker's server and can be used to log the user's cookie. This cookie can then be used to hijack the user's session.

vBulletin Radio and TV Player Add-On (all versions) – XSS, Iframe injection and Redirect Vulnerability

This vulnerability allows an attacker to inject malicious code into the vulnerable application. The malicious code can be used to redirect users to malicious websites, inject iframes, or execute arbitrary JavaScript code.

Recent Exploits: