DUC is a dynamic DNS update client that continually checks for IP changes in the background and automatically updates the DNS at NO-IP via HTTP. The username, password, and domain name can be decoded, thus making the user more vulnerable to MITM attacks.
A SQL injection vulnerability exists in 2daybiz B2B Portal Script. An attacker can send a malicious SQL query to the vulnerable parameter 'id' in the 'companyinfo.php' script to execute arbitrary SQL commands in the back-end database.
ActiveCollab has a Local File Inclusion / Directory Traversal vulnerability in its “module” parameter, due to insufficient sanitization of user-supplied data. A malicious user could get all the files on the web server, and also get a shell on the system if able to write PHP code into any file that could be loaded through the “module” parameter (i.e., Apache logs).
A SQL injection vulnerability exists in the AbleDating script, which allows an attacker to execute arbitrary SQL commands on the vulnerable system. The vulnerability is due to insufficient sanitization of user-supplied input in the 'view' parameter of the 'news.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable server. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information, modification of data, and other malicious activities.
The vulnerability exists in the view_current_job.php, show_search_more.php and show_search_result.php scripts, which fail to properly sanitize user-supplied input before using it in an SQL query. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable script and executing arbitrary SQL commands in the application's database. This may allow the attacker to access or modify sensitive data in the back-end database, compromise the integrity of the data or exploit various vulnerabilities in the underlying SQL server software.
2daybiz - The Web Template Software is vulnerable to SQL injection and XSS. An attacker can inject malicious SQL queries into the 'tid' parameter of the 'customize.php' script. Additionally, an attacker can inject malicious JavaScript code into the 'keyword' and 'password' parameters of the 'category.php' and 'memberlogin.php' scripts respectively.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'viewpropertydetails.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to gain access to the application, retrieve sensitive information from the database, modify data, or execute arbitrary code on the server.
An attacker can inject malicious SQL queries into the user-profile.php page of the 2daybiz Video Community portal by appending the malicious SQL query to the userid parameter.
A Local File Inclusion (LFI) vulnerability exists in the Joomla Component com_realtyna. An attacker can exploit this vulnerability to read sensitive files on the server. The vulnerable parameter is ‘controller’, which is located in the URL. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious ‘controller’ parameter value. The malicious value contains relative path traversal characters (../). This will allow the attacker to read sensitive files on the server.
AdaptCMS 2.0.0 Beta is vulnerable to a remote file inclusion vulnerability due to a lack of sanitization of user-supplied input to the 'sitepath' parameter in the 'init.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system.