Several cross-site scripting and SQL injection vulnerabilities were found in the following files of BugTracker.NET: bugs.aspx, delete_query.aspx, edit_bug.aspx, edit_comment.aspx, edit_customfield.aspx, edit_user_permissions2.aspx, massedit.aspx.
A malicious user can upload a shell to the vulnerable OsCSS application by using a specially crafted HTML form. The form is sent to the vulnerable URL http://localhost/admin/categories.php/login.php?action=insert_category&cPath= with the enctype set to multipart/form-data and the input type set to file.
A vulnerability in Alibaba v3.4 clone b2b (countrydetails.php) allows an attacker to inject malicious SQL commands into the application. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the vulnerable parameter.
A NULL Pointer Dereference vulnerability exists in HP Data Protector Manager A.06.11. The vulnerability is caused by an access violation when attempting to read from 0x00000000 in MSVCR71.dll:7c350428 mov ax,[edx]. This can be exploited to cause a denial of service.
The vulnerability exists because the "/index.php" script fails to properly sanitize user-supplied input in the usercookie[password] and X_FORWARDED_FOR variables. An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.
The vulnerability exists because the "/index.php" script fails to properly sanitize user-supplied input in the CHG_DYNPG_SET_LANGUAGE variable. An attacker can use a browser to exploit this vulnerability. A vulnerability also exists in the "/languages.inc.php" script: it is possible to generate an error that reveals the full path of the script. A further vulnerability exists because the "_rights.php" script fails to properly sanitize user-supplied input in the "giveRights_UserId" variable. An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.
The vulnerability exists because the "/index.php" script fails to properly sanitize user-supplied input in the email and title variables. An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database. A remote user can also determine the full path to the web root directory and other potentially sensitive information.
The vulnerability exists because the "/index.php", "/create_account.php" and "/index.php" scripts fail to properly sanitize user-supplied input in the ref, poll_id & poll_options_id, and country variables respectively. An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.
The group_id parameter of operation/agentes/estado_agente.php is vulnerable to blind SQL injection. An attacker can exploit this vulnerability to gain access to the system by using a malicious URL.
The id_group parameter, when get_agents_group_json is equal to 1, is vulnerable to SQL injection attacks. PoC: http://host/pandora_console/ajax.php?page=operation/agentes/ver_agente&get_agents_group_json=1&id_group=1/**/and/**/1=0/**/union/**/select/**/id_user,password/**/from/**/tusuario