The vulnerability exists in the popen() function in the includes/class.phpmailer.php file. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This will allow the attacker to execute arbitrary commands on the server.
A SQL injection vulnerability exists in Kayako eSupport v3.70.02, which allows an attacker to execute arbitrary SQL commands via the _m and _a parameters in the index.php file.
A buffer overflow vulnerability exists in Easy FTP Server v1.7.0.11 when handling the CWD command. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system by sending a specially crafted CWD command with an overly long string.
An authentication bypass vulnerability exists in ClickAndRank Script, which allows an attacker to bypass authentication and gain access to the admin panel.
Easy FTP Server v1.7.0.11 is vulnerable to a buffer overflow in the MKD command. An attacker can exploit this vulnerability by sending a specially crafted MKD command with a payload of 272 bytes. This exploit has been tested on Windows XP Pro SP2 and SP3.
An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter. The malicious query can be used to extract sensitive information from the database such as usernames and passwords.
A SQL injection vulnerability exists in the Joomla Component (com_spa) which allows an attacker to execute arbitrary SQL commands via the 'cid' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can result in the disclosure of sensitive information from the database, such as user credentials.
Calendarix is a web-based events manager written in PHP and requires MySQL for the database. The vulnerability exists in the cal_cat.php file, where the 'limit' parameter is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. An attacker can exploit this vulnerability to gain access to sensitive information.
Subrion Auto Classifieds is a powerful, highly customizable classifieds script for auto sales sites. It is written in PHP with MySQL. Due to its easily manageable administrator web interface and its large number of features, it is an excellent choice if you need a car classifieds portal or an auto auction site. An attacker can register and submit their auto with malicious XSS scripts in the options. The malicious script will be executed when the automobile is viewed.
Freelancers Marketplace Script is an extensive and powerful script written in PHP and Ajax to launch your own freelancers website. An attacker can insert their evil scripts or shells in the 'describe' section of the post_project.php page and then check the main sites for the projects to find the script or shell.