A vulnerability in the MyCars Automotive (mls) application allows an attacker to bypass authentication and gain access to the application. This is achieved by entering the username 'admin' or '1=1' and the password 'Super Cristal' into the login page.
A vulnerability in Pixelactivo 3.0 allows an attacker to bypass authentication by using a specially crafted username and password. The username must be set to 'admin_name' or '1=1' and the password must be set to 'ThE g0bL!N'. This allows an attacker to gain access to the admin panel of the application.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The crafted request contains malicious SQL statements that are executed in the context of the application's database user. This can be used to access or modify data in the database, or to execute administrative operations on the database (such as shutting down the DBMS).
A pipe vulnerability exists in the way PeaZIP handles file entries. Prepare the .zip file and open it with PeaZIP; when the compressed text file is then double-clicked, a cmd shell is launched.
Multiple vulnerabilities were discovered in the Kloxo (formerly Lxadmin) web hosting platform. These vulnerabilities were tested on centos-5-i386-hostinabox575.tar.gz. The vendor was notified on 05/21/2009 but no response was received. The private resource containing the vulnerability info still does not appear to have been accessed.
A vulnerability in Web Directory PRO allows an attacker to download the database backup without authentication.
A vulnerability in Host Directory Pro allows an attacker to bypass authentication and access the backup database. The vulnerability is due to the application not properly sanitizing user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted username and password. This will allow the attacker to bypass authentication and access the backup database.
This vulnerability allows an attacker to bypass authentication and gain access to the web directory. The vulnerability exists in the Web Directory PRO application, which is vulnerable to an authentication bypass attack. The attacker can exploit this vulnerability by sending a specially crafted HTTP request to the application. This request will bypass the authentication and allow the attacker to gain access to the web directory.
An attacker can exploit this vulnerability by accessing the login.php page and then going to the user_profile.php page to change the admin password.
OpenSSL would segfault if the DTLS server received a ChangeCipherSpec as the first record instead of a ClientHello.