cpCommerce version 1.2.8 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'id_document' in the 'document.php' file. The dork for this vulnerability is 'Powered by cpcommerce'.
We can execute commands via the 'ns' variable. Just use || before and after the command.
webSPELL is a free Content Management System (CMS) based on PHP and MySQL. It is vulnerable to XSS through a BBCode filter bypass, which allows cookie stealing.
A vulnerability in Online Password Manager v4.1 allows an attacker to inject arbitrary cookies into the application. An attacker can exploit this vulnerability by sending a maliciously crafted cookie to the application. This can allow the attacker to gain access to the application without authentication.
NetHoteles v2.0 is vulnerable to authentication bypass due to improper input validation. An attacker can exploit this vulnerability by providing malicious input in the username and password fields. This will allow the attacker to bypass authentication and gain access to the application. The attacker can then use the application to perform malicious activities such as data exfiltration, privilege escalation, etc.
When the requested URI isn't found, it is placed in char tmp[255], which is later used for output; you need 256 chars to overflow it (check source http.c). An attacker can send a maliciously crafted request with 256 characters to the vulnerable server, which will cause a buffer overflow and allow the attacker to execute arbitrary code on the server.
This exploit is for Windows Media Player. It creates a malicious .mid file which, when opened in Windows Media Player, causes an integer overflow resulting in a crash. The malicious .mid file contains a header with a length of 0x6, followed by a track header with a length of 0x4e. The track header contains a malformed MIDI message which causes the integer overflow.
Job2C version 4.2 is vulnerable to multiple Local File Inclusion (LFI) vulnerabilities. The vulnerabilities exist due to insufficient sanitization of user-supplied input to the 'adtype' parameter in the 'windetail.php' and 'detail.php' scripts. An attacker can exploit them by sending a specially crafted HTTP request with a malicious 'adtype' parameter value to the vulnerable script. This can allow the attacker to include and execute arbitrary local files on the vulnerable system.
A remote file upload vulnerability exists in Job2C version 4.2. An attacker can register on the site, log in, and upload a malicious shell to the photoes directory. The malicious shell will be accessible at www.site.com/path/photoes/number_shell.php
A vulnerability in phpEmployment allows remote attackers to gain access to sensitive information by requesting the conf/conf.inc file.