A vulnerability in Grestul 1.2 allows an attacker to remotely add an admin user to the system. This is done by sending a POST request to the options.php page with the username and password of the new admin user. This vulnerability is due to insufficient input validation and authentication checks.
Virtue News is prone to multiple remote vulnerabilities, including SQL injection and XSS. An attacker can exploit these issues to manipulate SQL queries, access or modify data, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Frontis V3.9.01.24 contains a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames, passwords, and email addresses stored in the application's database.
A local file inclusion vulnerability exists in the Joomla Component MooFAQ. An attacker can exploit this vulnerability to include local files on the vulnerable system by sending a specially crafted HTTP request. The vulnerable parameter is 'file' in the 'file_includer.php' script. An example of a vulnerable request is http://localHost/path/components/com_moofaq/includes/file_includer.php?gzip=0&file=[LFI]. Demo Live (1): http://www.paginaswebhonduras.com/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd Demo Live (2): http://www.uers.gov.do/components/com_moofaq/includes/file_includer.php?gzip=0&file=/etc/passwd
The vulnerability is caused by an input validation error when processing FTP requests. This can be exploited to read, modify, or delete arbitrary files from the affected system via directory traversal attacks.
This exploit is a local kernel root exploit for Apple Mac OS X xnu <= 1228.9.59. It exploits a vulnerability in workqueue_additem and workqueue_removeitem, which do not validate the user-definable parameter prio. The exploit uses a heap spray to overwrite kernel memory and execute a payload to gain root privileges.
A vulnerability exists in interlogy Profile Manager Basic which allows an attacker to bypass authentication by manipulating the cookie. An attacker can send a crafted cookie with the value 'pmadm=dGVzd ' or '; path=/' to the server and gain access to the application. This can be done by using JavaScript code such as 'javascript:document.cookie = "pmadm=dGVzd ' or '; path=/";' and then accessing the URL 'http://demo.interlogy.com/pm3/cgi/admin.cgi?action=edittemp' or 'http://demo.interlogy.com/pm3/cgi/admin.cgi?action=users'.
An attacker can exploit a SQL injection vulnerability in Virtue Shopping Mall to gain access to the admin credentials. The attacker can send a specially crafted HTTP request to the vulnerable application, which will then execute the malicious SQL statements. The attacker can then use the retrieved information to gain access to the admin credentials.
Virtue Classifieds is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. This issue affects Virtue Classifieds version 2.0.0; other versions may also be vulnerable.
A vulnerability exists in Joomla Component com_school (classid) which allows an attacker to inject malicious SQL commands. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable application. This can result in unauthorized access to sensitive information in the back-end database.