A SQL injection vulnerability exists in Joomla! Component Directorix Directory Manager v1.1.1. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can potentially result in the manipulation or disclosure of arbitrary data.
An attacker can exploit a SQL injection vulnerability in Joomla! Component J-MultipleHotelReservation Standard v6.0.2 by sending malicious SQL queries to the application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials, or to modify the data stored in the database.
A SQL injection vulnerability exists in Joomla! Component Eventix Events Calendar v1.0. An attacker can send a malicious SQL query to the vulnerable parameter 'selected_date' in 'index.php' file via the 'view' parameter to execute arbitrary SQL commands in application's database.
A vulnerability exists in Joomla! Component J-CruiseReservation Standard v3.0, which allows an attacker to inject malicious SQL queries via the 'city' parameter in the 'cruises/cruises' page. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
An attacker can exploit a SQL injection vulnerability in Joomla! Component J-HotelPortal v6.0.2 by sending a malicious SQL query to the vulnerable parameter 'review_id' in the URL. This can allow the attacker to access or modify the contents of the database.
This exploit is a proof-of-concept for a Cross-Site Request Forgery (CSRF) vulnerability in Digisol routers. The exploit sends a POST request to the router's web interface, which changes the router's SSID and WPA2 passphrase to 'hacked' and 'csrf1234' respectively.
The router (AP) is using very poor authentication mechanism. It uses a static cookie to verify the incoming authentication. After careful inspection it was found that the cookie used were same for any number of authentication by the Admin. Thus the cookie can be easily forged and the admin account could be compromised without supplying the credentials.
A directory traversal web vulnerability has been dsicovered in the official Album Lock v4.0 ios mobile web-application. The issue allows an attackers to unauthorized request and download local application files by manipulation of path parameters.
A SQL injection vulnerability exists in Joomla! Component PayPal IPN for DOCman v3.1, which allows an attacker to inject malicious SQL queries via the 'id' parameter in the 'addToCart' task. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'id' parameter.
A SQL injection vulnerability exists in Joomla! Component MaQma Helpdesk v4.2.7. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can potentially result in the manipulation or disclosure of application data.
Services By CQR