
Explore Vulnerabilities

Explore all Exploits:

Mediacoder v0.7.3.4682 (.m3u) File Universal Buffer Overflow Exploit

Mediacoder v0.7.3.4682 is vulnerable to a stack-based buffer overflow when processing specially crafted .m3u files. The vulnerability is caused by a boundary error when processing the .m3u file and is triggered by an overly long string in the first line of the file. An attacker can exploit it to execute arbitrary code on the vulnerable system.

SQL Injection in InTherapy IT Armory Component 0.1.4

A SQL injection vulnerability exists in InTherapy IT Armory Component 0.1.4. An attacker can send a specially crafted HTTP request to the vulnerable application to execute arbitrary SQL commands in the back-end database by injecting arbitrary SQL code into the affected parameter. This can be exploited to disclose the content of the back-end database, modify data, compromise the back-end database, and potentially compromise other systems that are connected to the same back-end database.

AKY Blog SQL Injection

A SQL injection vulnerability exists in the AKY Blog script, which allows an attacker to execute arbitrary SQL commands on the vulnerable system. The vulnerability is due to the lack of proper input validation in the ‘default.asp’ script, which allows an attacker to inject malicious SQL commands via the ‘islem’ and ‘id’ parameters. An attacker can exploit this vulnerability to gain access to sensitive information, such as passwords, from the vulnerable system.

Persistent XSS flaw in Open Realty 2.x and 3.x

Open Realty is vulnerable to persistent XSS due to a lack of input validation in the save_search() and view_saved_searches() functions. An attacker can inject malicious JavaScript code into the usersavedsearches_title field of the usersavedsearches table, which is then executed when the view_saved_searches() function is called. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

sNews (index.php) SQL Injection Vulnerability

sNews is vulnerable to SQL injection in the index.php file. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The malicious request contains a specially crafted SQL query that can be used to extract sensitive information from the database.

vBulletin 3.8.6 faq.php Vulnerability

The faq.php file was only indirectly affected, and this serves more as an 'issue' because an error was partly responsible for the phrases. The issue was published this afternoon and vBulletin responded with a patch for it. The vulnerability is related to the /install/vbulletin-language.xml file, which contains the MySQL password, visible to anyone.

ValidForm Builder script Remote Command Execution

A vulnerability exists in the ValidForm Builder script, which allows an attacker to execute arbitrary commands on the vulnerable system. The vulnerability is due to insufficient sanitization of user-supplied input in the 'shell_exec' function in the 'class.phpcaptcha.php' file. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable script. Successful exploitation of this vulnerability can result in arbitrary command execution on the vulnerable system.

Recent Exploits: