Input passed via the "Referer:" field of the HTTP header to index.php is not properly sanitised before being used in an SQL query, resulting in SQL injection. However, the SQL injection is blind and has to be exploited by a time-based technique, or any other technique suitable for blind SQL injection exploitation.
The Vulnerability Laboratory Research Team discovered multiple SQL injection vulnerabilities in Event Script PHP v1.1 CMS. The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute their own SQL commands on the affected application DBMS without user interaction. The vulnerabilities are located in the eventscript.php file and the bound parameters p & id. The SQL injection vulnerability can be exploited by remote attackers with low required user interaction. Successful exploitation of the vulnerability results in DBMS & application compromise.
Multiple SQL injection vulnerabilities are detected in Freesides SelfService CGI|API v2.3.3. The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute their own SQL commands on the affected application DBMS without user interaction. Multiple persistent input validation vulnerabilities are detected in Freesides SelfService CGI|API v2.3.3. The bug allows remote attackers to implement/inject malicious script code on the application side (persistent).
This module exploits a function prototype mismatch on the CQOle ActiveX control in IBM Rational ClearQuest < 7.1.1.9, < 7.1.2.6 or < 8.0.0.2 which allows reliable remote code execution when DEP isn't enabled.
The vulnerability is caused by a tilde character '~' in a GET request, which could allow remote attackers to deny the functionality of the server.
An SQL injection vulnerability exists in Webify Link Directory, which allows an attacker to execute arbitrary SQL commands on the underlying database. This can be exploited to manipulate data, disclose sensitive information, or gain access to the system. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'index.php' script when handling a 'page=browse' request. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script.
The vulnerability is caused by all these scripts calling "unserialize()" on user-controlled input. This can lead to execution of arbitrary PHP code by passing an ad-hoc Zend Framework serialized object.
Input data from the form submission is not properly sanitized. Using blind SQL injection techniques, true statements will result in the rating being updated, while false statements will cause the plugin to hang. Using Burp Suite or another proxy, intercept the POST request when submitting the form and append "and 1=1" to the postID parameter before forwarding. True statement example: action=cast_vote&token=d9ad983425&moodthingyvote=6&postID=6 and 1=1&results_div_id=voteresults. In the example above, the request will process successfully and the rating will be updated accordingly. By replacing 1=1 with 1=0, the plugin will hang and the process will never successfully complete, giving you the necessary true/false conditions for blind SQL injection.
A local buffer overflow vulnerability has been found in Photodex ProShow Producer v5.0.3256. When starting, the application loads the contents of the 'load' file from its application directory. The application does not validate the length of the string loaded from the 'load' file before passing it to a buffer, which leads to a buffer overflow. An attacker needs to force the victim to place an arbitrary 'load' file into the application directory.
CLscript - Classified Script 3.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials, or even execute arbitrary code on the server.