An attacker can exploit a SQL injection vulnerability in the 2daybiz B2B Portal Script by sending malicious SQL queries to the vulnerable parameter 'cat_id' in the URL 'www.site.com/products/business2business/selling_buy_leads1.php?cat_id=[SQLI]'. This can allow the attacker to gain access to sensitive information from the database.
A Remote File Inclusion (RFI) vulnerability exists in ARSC Really Simple Chat V3.3. An attacker can exploit it by sending a maliciously crafted HTTP request to the application, which can allow the attacker to execute arbitrary code on the vulnerable system. A Cross Site Scripting (XSS) vulnerability also exists in ARSC Really Simple Chat V3.3. It is likewise exploited by sending a maliciously crafted HTTP request to the application, which can allow the attacker to execute arbitrary code on the vulnerable system.
A CSRF vulnerability exists in Allomani & Clips v2.7.0 which allows an attacker to add an admin account by sending a malicious POST request. The request contains the username, password, email, group_id and useraddbutton parameters.
The vulnerability exists in the products_details.php, products.php and designview.php scripts, where an attacker can inject malicious SQL queries into the vulnerable parameters sbid, pid and designid respectively.
2daybiz Matrimonial Script is vulnerable to SQL Injection and Cross Site Scripting. An attacker can inject malicious SQL queries, and also malicious JavaScript code, into the vulnerable parameters of the application.
WM Downloader 2.9.2 is vulnerable to a stack buffer overflow. An attacker can exploit it by sending a specially crafted M3U file with a long URL, which overwrites the EIP register and allows the attacker to execute arbitrary code on the vulnerable system.
A buffer overflow vulnerability exists in Geomau 7 (.wg2) which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the application when processing a specially crafted .wg2 file. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a malicious .wg2 file. Successful exploitation may allow execution of arbitrary code.
Wincalc 2 is vulnerable to a local buffer overflow. By creating a specially crafted .num file, an attacker can overwrite the EIP register and execute arbitrary code on the vulnerable system. The exploit has been tested on Windows XP SP 3 FR.
An arbitrary file upload vulnerability exists in Big Forum 5.2v, which allows an attacker to upload malicious files to the server. Additionally, a local file inclusion vulnerability exists, which allows an attacker to include malicious files from the server. Both vulnerabilities can be exploited by sending a specially crafted HTTP request to the vulnerable application.
A remote file inclusion vulnerability exists in phportal_1.2. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system. The vulnerability is due to the 'uzanti' parameter in the 'gunaysoft.php' script not properly sanitizing user-supplied input. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable system.