
Explore Vulnerabilities


Explore all Exploits:

ASPilot Pilot Cart 7.3 multiple vulnerabilities

Input passed via the "article" parameter to pilot.asp and kb.asp is not properly sanitised before being used in a SQL query. Input passed via the "specific" parameter to cart.asp is not properly sanitised before being used in a SQL query. Input passed via the "countrycode" parameter to contact.asp is not properly sanitised before being used in a SQL query. Input passed via the "srch" parameter to search.asp is not properly sanitised before being used in a SQL query. Input passed to the "countrycode" parameter in contact.asp is not properly sanitised before being returned to the user. Input passed to the "USERNAME" parameter in gateway.asp and cart.asp is not properly sanitised before being returned to the user. Input passed to the "specific" parameter in quote.asp and buyitnow.asp is not properly sanitised before being returned to the user.

Joomla Component com_ckforms

A vulnerability exists in Joomla Component com_ckforms which allows an attacker to perform a Local File Inclusion (LFI) attack. The attacker can send a specially crafted HTTP request to the vulnerable application in order to include a file from the local system. This can be exploited to gain access to sensitive information such as system and application files.

phpCow v2.1 File Inclusion Vulnerability

phpCow v2.1 is vulnerable to a file inclusion vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This can allow the attacker to include a remote file containing arbitrary code, resulting in arbitrary code execution on the server.

Femitter Server FTP Directory Traversal

Acritum Femitter HTTP-FTP Server is an easy-to-use HTTP and FTP server application for Windows which allows you to use your own computer for sharing gigabytes of files with your friends and colleagues. No need to pay for expensive hosting! No need to spend hours to upload your files to a remote server!

RSform! 1.0.5 (Joomla) Multiple Vulnerabilities

RSform! 1.0.5 (Joomla) is vulnerable to Local File Include and SQL Injection. The Local File Include vulnerability can be exploited by appending '?option=com_forme&lang=../../../../../../../../../etc/passwd%00' to the URL. The SQL Injection vulnerability can be exploited by appending '?option=com_forme&lang=-1' union select benchmark(1000000,md5(1)) -- ' to the URL. RSform! Pro is not affected.

Zeeways Adserver Multiple Vulnerabilities

Multiple scripts with multiple parameters are affected by this vulnerability. Example #1: index.php?section=redir&affid=0&kid=0&zid=[SQL Injection]. Example #2: Visit the 'register' page index.php?section=user&action=register and enter your SQLi string into the email field. Fill out the other fields with some normal stuff (like test) and view your result. Visit the 'register' page index.php?section=user&action=register and enter your CSRF string into the email field. Fill out the other fields with some normal stuff (like test) and view your result. Visit index.php?section=doc&action= and fill out the action parameter. Example: index.php?section=doc&action=test. Visit index.php?section=doc&action=test and play around with both the section and action parameters. You will notice that a local file inclusion is not possible, but you will get an interesting error message.

MassMirror Uploader RFI Vulnerability

A Remote File Inclusion (RFI) vulnerability exists in MassMirror Uploader, which allows an attacker to include a remote file containing malicious code, resulting in arbitrary code execution on the vulnerable server. The vulnerability is due to insufficient sanitization of user-supplied input to the 'GLOBALS[MM_ROOT_DIRECTORY]' parameter in 'example_1.php'. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server.

Test Exploit Page

This exploit is a buffer overflow vulnerability in LEADThumbLib.LEADThumb ActiveX control (lttmb11n.ocx) which allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability is caused due to a boundary error when handling the 'BrowseDir' method. By passing a specially crafted argument to the 'BrowseDir' method, an attacker can cause a stack-based buffer overflow, resulting in the execution of arbitrary code.

Recent Exploits: