RSMonials is a Joomla component that allows users to post comments on a website. Anything entered into the form gets rendered as HTML, so malicious scripts can be added as long as they don't include quotes. This component ships with settings that prevent posting by default, but the administrator page for the testimonials renders the script in its entirety. The exploit can be used to remotely upload a file or create a new Super Administrator.
Webportal 0.8 Beta is vulnerable to Local File Inclusion (LFI) vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The attacker can include a malicious file from the local system or from a remote system. This vulnerability can be exploited to gain access to sensitive information, execute arbitrary code, and perform other malicious activities.
Go to http://[TARGET]/5star_rating/admin/control_panel_sample.php and enter username as admin 'or' 1=1 and empty password to bypass authentication.
Dokeos LMS contains one flaw that allows an attacker to include a local file with "html" extension. The issue is due to 'user_portal.php' script not properly sanitizing user input supplied to the 'include' GET variable.
This exploit allows a remote attacker to execute arbitrary code on a vulnerable system. The vulnerability exists in the Mani Admin Plugin for Counter Strike Source. The attacker can send a malicious payload to the vulnerable system via the ‘admin’ command. The payload is then executed on the vulnerable system, allowing the attacker to gain access to the system. The vulnerability was discovered by M4rt1n and was published on www.hackerzbay.com in 2009.
The vulnerability is caused due to an error with HEAD request and multi-socket. This can be exploited to crash the HTTP service.
The vulnerability allows an attacker to bypass the control panel of Studio Lounge Address Book 2.5. By accessing the URL http://loclahost/addressbook/index.php and then http://loclahost/addressbook/home.php, the attacker can bypass the control panel.
The I-Rater Platinum V4 and Photo Rating Script Pro are vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by entering the username 'admin'or'1=1' and leaving the password field blank. This will allow the attacker to bypass authentication and gain access to the application.
An SQL injection vulnerability in VS PANEL v.7.3.6 allows an attacker to execute arbitrary SQL commands via the Cat_ID parameter in showcat.php.
A SQL injection vulnerability exists in Quick.CMS Lite 0.5 when the 'id' parameter is passed to the 'index.php' script. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
Services By CQR