Explore Vulnerabilities

Explore all Exploits:

PHP-Fusion mg user fotoalbum 1.0.1 <= SQL injection Vulnerability Proof of Concept

A SQL injection vulnerability exists in PHP-Fusion mg user fotoalbum 1.0.1. An attacker can exploit this vulnerability to gain access to sensitive information from the database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'album_user_id' and 'album_id' parameters of the 'mg_user_fotoalbum.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information from the database.

VideoDB Multiple Vulnerabilities

The VideoDB is affected by multiple SQL Injection vulnerabilities.

a) The search script search.php: search.php?q=test&engine=videodb&owner=Guest&fields[]=[SQL Injection]

b) The login script login.php: Trigger SQL errors with the user name field or try admin' OR '1'='1 as user name. Hint: "Normal" auth bypass is not possible.

c) The index.php script: index.php?filter=new&quicksearch=test&owner=%3Cany%3E&mediafilter=[SQL Injection]&submit.x=0&submit.y=0

Local File Inclusion: help.php?page=[LFI] Hint: Effective local file inclusion can be tricky.

JS Calendar 1.5.1 Joomla Component Multiple Remote Vulnerabilities

Input passed to the 'ev_id', 'month' and 'year' parameters is not properly sanitised before being used in SQL queries or returned to the user. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code, or to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Joomla CBE Local File Inclusion Vulnerability

Joomla CBE suffers from a local file inclusion vulnerability. Because CBE also offers file upload functionality that accepts files containing PHP code, this can be used to execute arbitrary system commands on the host with the web server's privileges.

Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)

This vulnerability allows an attacker to cause a denial of service via patterns that expand to a very large number of matches, such as a long string of */../*/..

Recent Exploits: