An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable application. The malicious query can be sent via the ‘cat’ parameter of the ‘index.php’ script. The vulnerable code is located in the ‘com_maianmedia/music.php’ script.
An authentication bypass vulnerability exists in BPRealestate, a real estate site script. An attacker can exploit this vulnerability by logging in with the username 'admin' and the password '1'or'1'='1' to gain access to the admin panel.
An attacker can bypass the authentication of BPConferenceReporting by using the username 'admin' and the password '1'or'1'='1'
An authentication bypass vulnerability exists in BPDirectory - Business Directory ASP.NET Script. An attacker can exploit this vulnerability by accessing the AdminLogin.aspx page and logging in with the username 'admin' and the password '1'or'1'='1' to gain access to the application.
An authentication bypass vulnerability exists in BPAffiliateTracking - Affiliate Tracking Script. An attacker can exploit this vulnerability by sending a crafted request to the adminlogin.asp page with the username 'admin' and the password '1'or'1'='1' to bypass authentication.
vBulletin is prone to a Persistent Cross Site Scripting vulnerability within the Profile Customization feature. If this feature is not enabled the vulnerability does not exist and the installation of vBulletin is thereby secure. Within the profile customization fields, it is possible to enter colour codes, rgb codes and even images. The image url() function does not sanitize user input in a sufficient way causing vBulletin to be vulnerable to XSS attacks.
A vulnerability exists in Joomla Component com_alfurqan15x, which allows an attacker to inject arbitrary SQL commands via the 'surano' parameter in the 'viewayat' action. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary commands on the underlying operating system.
This exploit is a remote code execution vulnerability in Android 2.0/2.1 Webkit. It allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability is triggered by creating a div element and setting its innerHTML to a specially crafted string. This causes a use-after-free condition which can be exploited to execute arbitrary code. The exploit code contains a NOP sled, shellcode, and IP address and port of the attacker's machine.
AbleDating script is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the vulnerable parameters of the application. The malicious code can be injected into the 'title' or 'description' of a post in the forum, or into the 'date' parameter of the 'events_event_edit.php' page. The malicious code will be executed in the browser of the victim when they visit the affected page.
App. has classic buffer overflow vulnerability which can be triggered by passing a too long argument as a startup parameter. Shellcode can by run via classic ret overwrite or SEH Handler overwrite.
Services By CQR