A vulnerability in DMXReady Registration Manager version 1.1 allows an attacker to upload arbitrary files to the server. This can be exploited to execute arbitrary code by uploading a malicious file. The vulnerability exists in the assetmanager.asp file, which is used to upload files. An attacker can exploit this vulnerability by selecting a malicious file and uploading it to the server. The malicious file can then be accessed at http://site.com/assets/webblogmanager/shell.aspx.
An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by sending a specially crafted HTTP request to the vulnerable application. The attacker can use the UNION operator to combine the results of two or more SELECT statements into a single result set.
NC LinkList 1.3.1 is vulnerable to remote command injection. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The attacker can inject arbitrary commands which will be executed on the server side. The attacker can also read the configuration file of the application by sending a crafted HTTP request.
An attacker can exploit a vulnerability in NC GBook 1.0 to inject arbitrary commands into the application. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'Autor', 'E-Mail' and 'Homepage' fields when adding a new entry. The injected commands are executed with the privileges of the web server process. This can be exploited to gain access to the server, or to execute arbitrary PHP code.
Catviz 0.4.0 Beta 1 is prone to local file inclusion and cross-site scripting vulnerabilities. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
A SQL injection vulnerability exists in Joomla Module com_casino_blackjack and com_casinobase. An attacker can exploit this vulnerability to gain access to the admin hash of the application. This can be done by sending a specially crafted HTTP request to the vulnerable application with the malicious payload in the 'game_mode' parameter. This will allow the attacker to execute arbitrary SQL queries on the underlying database.
When KSWebShield detects a malicious website, it sends the offending URL from the web browser to the KSWebShield service and pops up a dialog warning that a malicious website has been detected. Because its filtering method is unreliable, the attacker can insert any HTML tag into the alert dialog. Once the malicious code is successfully inserted, we can use JavaScript to call the inner functions of KSWebShield and execute any system commands.
A vulnerability in dm-filemanager allows an attacker to bypass authentication and gain access to the application. This is done by providing a username and password of ' or '1=1. This allows the attacker to gain access to the application without providing valid credentials.
The vulnerability is caused due to the use of user-supplied input in a SQL query without proper sanitization. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is exploited by sending a specially crafted HTTP request containing malicious SQL code to the vulnerable script.