Dog Pedigree Online Database v1.0.1-Beta is vulnerable to Insecure Cookie Handling. This vulnerability can be exploited by malicious users to gain access to sensitive information. The vulnerability is reported in the version 1.0.1-Beta. It is advised to upgrade to version 1.0.2-Beta or later to mitigate this vulnerability.
VidShare Pro is prone to multiple remote vulnerabilities, including SQL injection and cross-site scripting. An attacker can exploit these issues to manipulate SQL queries, access or modify data, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This exploit is based on vulnerabilities discussed at http://www.milw0rm.org/exploits/8713. It requires register_globals = on and magic_quotes_gpc = off. It uses an SQL injection to retrieve the absolute path and then injects a malicious PHP code into a log file. The attacker can then execute commands with http://[host][path]logs/log_db.inc.php?cmd=COMMAND.
A vulnerability in PAD Site Scripts v3.6 allows an attacker to gain access to the admin panel by setting the authuser cookie to the username of the admin account. This can be done by using a JavaScript code such as 'javascript:document.cookie="authuser=[demo];path=/"' and then guessing the username of the admin account. Once the username is guessed, the JavaScript code can be used again to set the authuser cookie to the username of the admin account, followed by the URL of the admin panel.
A remote file download vulnerability exists in Namad version 2.0.0.0. An attacker can exploit this vulnerability to download sensitive files from the server. The vulnerability is present in the SecureDownloads.aspx page, which allows an attacker to download any file from the server by manipulating the FileName parameter.
A buffer overflow vulnerability exists in the ConvertFile() method of the AOL IWinAmpActiveX Class (AmpX.dll 2.4.0.6) when used in Internet Explorer 6 and 7. An attacker can exploit this vulnerability by sending a maliciously crafted HTML page to a vulnerable system, which will cause a buffer overflow when the ConvertFile() method is called. This can lead to arbitrary code execution.
This exploit is used to gain access to the Joomla com_gsticketsystem (catid) by exploiting a blind SQL injection vulnerability. The exploit uses the 'catid' parameter to inject malicious SQL code into the database, which can then be used to extract the username and password of the user. The exploit is written in PHP and can be used with the command line.
A remote attacker can exploit this vulnerability by registering an account on the application, logging in with the account, and uploading a malicious shell. The attacker can then execute arbitrary code on the vulnerable system.
This exploit allows an attacker to remotely change the password and add an admin user to the PHP Article Publisher application. The exploit is triggered by sending a POST request to the functions.php page with the id parameter set to 2. The attacker can then set the email and password fields to the desired values.
DGNews 3.0 Beta is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Services By CQR