Reflective XSS can be exploited by adding a onclick event handler to the post variables seller_contact_id, listing, company, phone, from_name. XSRF exploit can be used to make a user account of the attacker's choice into an admin account by setting the user_level value to 9.
Blind SQL Injection is a type of attack that allows an attacker to execute malicious SQL statements on a database without the knowledge of the database owner. The attacker can use this technique to gain access to sensitive data, such as passwords, credit card numbers, and other confidential information. XSS is a type of attack that allows an attacker to inject malicious code into a web page or application. The attacker can use this technique to gain access to sensitive data, such as passwords, credit card numbers, and other confidential information.
CubeCart 3.0.4 is vulnerable to Cross-Site Request Forgery (CSRF) which allows an attacker to add an admin user to the application. An attacker can craft a malicious HTML page containing a form with hidden fields and submit it to the vulnerable application. This will add an admin user to the application without the user's knowledge or consent. This vulnerability was discovered by P0C T34M in 2010.
HttpBlitz is a cross platform Http web server developed using C++. Sending a long string or scanning the port using nmap will crash the program.
User input from variable token is being used in the MySQL query without any filtration, so that there is possibility to run arbitarary sql commands. If query is correct (returns proper result) user will be redirected to an url containing response. In other case cms will force throwing 404 server response.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'file' parameter of the 'img.php' script. A remote attacker can include arbitrary local files and execute arbitrary code on the vulnerable system.
iDevCart 1.10 is vulnerable to multiple local file inclusion vulnerabilities. An attacker can exploit these vulnerabilities to include arbitrary local files on the server, which can lead to remote code execution.
An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can be done by manipulating the 'productId' parameter of the 'viewProd' action of the '_a' parameter. An attacker can use this vulnerability to access or modify the application's data, such as usernames and passwords, or even delete data.
This vulnerability allows an attacker to include a remote file on the webserver. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'mosConfig_absolute_path' parameter of the 'index.php' script. A remote attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system.
A vulnerability in the Joomla component com_ponygallery allows an attacker to include a remote file via the mosConfig_absolute_path parameter in the admin.ponygallery.html.php and admin.ponygallery.php scripts.
Services By CQR