Macs CMS 1.1.4 is vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS). The CSRF vulnerability allows an attacker to create an admin user and delete a user. The XSS vulnerability allows an attacker to inject malicious JavaScript code into the application.
The attacker can post their XSS script in the description area of the 'Add Recipe' option of the Joomla Rapid Recipe website. The attack pattern is '>><marquee><h1>XSS3d By Sid3^effects</h1><marquee>'
A vulnerability exists in My Kazaam Address & Contact Organizer, which allows an attacker to inject arbitrary SQL commands via the 'var1' parameter in the 'contacts.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'var1' parameter value.
Enter the attack parameter in the 'Enter Refernce Number Below' text box. SQLi Vulnerability: http://server/path/notes.php[sqli], XSS Vulnerability: http://server/path/notes.php[xss], HTML Vulnerability: http://server/path/notes.php[html]
Sillaj is a PHP time tracking tool. It allows you to register time on projects and tasks and create various reports. Multiuser and multilanguage, it uses a database backend and is themable through Smarty templates. Use the string a' or '1'='1 for Username and Password to gain access.
Let your users search all listings or just show products from your niche. No matter what interest brings visitors to your site, there's a good chance those visits can be monetized with Clickbank. CBQuick has just been improved again, is completely Clickbank TOS compliant, and now includes the following: Click Tracking, One Click Updates, No Duplicate Listings, Product Stats.
This exploit targets a remote blind SQL injection vulnerability in the Your_Account module of PHP-Nuke 8.1.0.3.5b. It uses a benchmark mode to calculate the average load time of the website and then, with the aid of a loop, uses this to determine the password of the user. The exploit requires magic_quotes_gpc to be off.
This exploit allows an attacker to execute arbitrary commands on a vulnerable system. It is based on a vulnerability in PHP-Nuke <= 8.1.0.3.5b, which allows an attacker to inject malicious code into the application. The exploit uses a custom shell to execute the commands, and requires the magic_quotes_gpc setting to be disabled.
Elite CMS 1.01 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious HTML page that contains a form with hidden fields that can be used to change the admin password or create a new admin user. The form can be submitted without the user's knowledge or consent, allowing the attacker to gain access to the admin panel.
This exploit targets a remote blind SQL injection vulnerability in the Web_Links module of PHP-Nuke 8.0. It allows an attacker to gain access to the database and extract the password for the 'god' user. The exploit works by calculating the average load time of the website and then sending requests with different characters to the website. If the response time is greater than the average load time, then the character is part of the password. The exploit is written in Perl and requires the LWP::UserAgent module.