Videohive Clone Script is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
A SQL injection vulnerability exists in Audiojungle Clone Script, which allows an attacker to execute arbitrary SQL commands via the 'by' parameter in the LastAdded page. This can be exploited to read, modify or delete data from the database.
A SQL injection vulnerability exists in Codecanyon Clone Script, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the application. This can result in the disclosure of sensitive information, manipulation of data, or even the execution of arbitrary code.
A SQL injection vulnerability exists in Graphicriver Clone Script, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'by' parameter of the 'LastAdded' page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable page. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information, such as usernames and passwords, or even full system compromise.
A SQL injection vulnerability exists in Themeforest Clone Script, which allows an attacker to execute arbitrary SQL commands via the 'by' parameter in the LastAdded page. This can be exploited to read, modify or delete data from the database.
Evostream Media Server 1.7.1 is vulnerable to a denial of service attack when a malicious HTTP header is sent to the built-in webserver. The malicious header contains a Content-Length field with a value of 5900 and a Content-Type field with a value of application/x-www-form-urlencoded. The header also contains a buffer of 4096 bytes which will be written to the stack.
Bull Clusterwatch/Watchware is a web application with CGIs (shell scripts and binaries) that is vulnerable to authentication bypass, remote code execution, and file write. An attacker can exploit these vulnerabilities to fully compromise servers running Watchware. The authentication bypass vulnerability is trivial, as the credentials are smwadmin/bullsmw. The file write vulnerability is exploitable by sending a request to write a shellcode to the system file. The remote code execution vulnerability is exploitable by sending a request to inject OS commands in the “lpp” field.
Exploit Daily Deals Script v1.0 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'id' parameter in the 'deal.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
A SQL injection vulnerability exists in Mini CMS v1.1, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'name' parameter of the 'index.php' page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable application. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information stored in the database, such as user credentials, or even full control of the database server.
A vulnerability in USBPcap.sys driver allows an attacker to gain privilege escalation by dereferencing a null pointer. The vulnerability is caused by the IofCallDriver function being called without validating values. This can be exploited by an attacker to gain control of the execution flow and execute arbitrary code with elevated privileges.
Services By CQR