UK One Media CMS suffers from an SQL injection vulnerability in the handling of the id parameter: the value is used unsanitised when the query is built, which results in compromise of the entire database structure and, as reported, execution of system commands.
The FTP server accepts commands without requiring a login. Simply by skipping the login step, it is possible to execute any command, including but not limited to listing files, retrieving files and storing files.
Kubelance is a web-based software that allows users to create and bid on projects with an integrated Escrow system. It comes with 10 templates for users to choose from and supports multiple languages. It also has a powerful Admin panel for controlling the site and a plugin payment system for additional payment methods. However, it is vulnerable to SQL Injection attacks.
Whether you want to sell digital or physical products, this fully featured shopping cart script is marketed as a complete solution for managing an online business. With a simple, straightforward administration area, you can add as many categories and products as you wish, view pending orders and past orders, and email customers. You can also attract affiliates to promote your store and pay either a percentage commission or a flat-rate commission per sale, down to 3 levels. Emailing affiliates is as simple as clicking a few buttons and typing in your message. The script includes built-in product search so that customers can find exactly what they are looking for quickly, and shows featured products with associated images. Up to 5 merchant programs can be offered to shoppers. The vulnerability is an SQL injection which can be exploited by sending a malicious SQL fragment to the server in the c parameter, via a URL of the form http://server/shopcart/index.php?c=[sql].
Banner Management Script is aimed at webmasters who own one or more websites and want to sell top and bottom sponsor banner ads. It allows banner ads on multiple websites to be sold and managed from one place, and gives advertisers real-time statistics of impressions and hits. The script is easy to install and comes with free installation from the vendor. An SQL injection vulnerability was discovered in the trackads.php page: input reaching that page is used unsanitised in a database query, allowing an attacker to inject SQL of their choosing.
MarketSaz is vulnerable to arbitrary remote file upload. An attacker can upload a malicious file (for example a web shell) to the server and then request it so that it is executed by the web server.
The vulnerability is a combination of SQL injection, persistent (stored) XSS and reflected XSS. The SQL injection can be exploited by sending a crafted request with a malicious value in any of the parameters q, catid, search_from_price, search_to_price, search, task and option. The persistent XSS can be exploited by submitting a crafted value in the Title, Address 2 or Zipcode fields, which is stored and later rendered unescaped. The reflected XSS can be exploited by sending a crafted request with a malicious value in any of the parameters option, task, cid, time and Itemid.
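The SQL injection findings above (the id, c and trackads.php cases and the search-parameter case in this item) all share one root cause: a request parameter is concatenated into the SQL text instead of being bound. The following is an added illustration, not code from any of the affected scripts, and it uses an in-memory SQLite database with constructed tables and rows so that it runs offline; the real targets are PHP/MySQL applications, and whether an injection also reaches operating system commands depends on the database user's privileges, which this example does not model.

```python
import sqlite3


def build_db():
    # Constructed sample schema and rows standing in for a shop's database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(1, "widget", 9.99), (2, "gadget", 19.99), (3, "gizmo", 4.50)])
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "constructed-hash-1"), (2, "alice", "constructed-hash-2")])
    return conn


def lookup_vulnerable(conn, c):
    # The pattern behind "index.php?c=[sql]": the raw parameter becomes part of
    # the statement, so the attacker controls the query structure, not just a value.
    sql = "SELECT id, name FROM products WHERE id = " + c
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, c):
    # Validate the type first, then bind the value as a parameter. A bound
    # parameter is sent as data and can never alter the statement.
    if not c.isdigit():
        raise ValueError("id must be numeric")
    return conn.execute("SELECT id, name FROM products WHERE id = ?", (int(c),)).fetchall()


def rejected_by_fixed(conn, c):
    # Helper so the outcome of the hardened path is a return value, not an exception.
    try:
        lookup_fixed(conn, c)
        return False
    except ValueError:
        return True


def dump_schema_via_injection(conn):
    # "Compromising the database structure": a UNION against sqlite_master
    # (MySQL's equivalent is information_schema) returns every CREATE statement.
    rows = lookup_vulnerable(conn, "0 UNION SELECT rootpage, sql FROM sqlite_master")
    return {row[1] for row in rows}


def dump_users_via_injection(conn):
    # Once the table names are known, the same hole reads any other table.
    rows = lookup_vulnerable(conn, "0 UNION SELECT username, password_hash FROM users")
    return set(rows)


if __name__ == "__main__":
    db = build_db()
    print(lookup_vulnerable(db, "2"))            # the intended lookup
    print(lookup_vulnerable(db, "2 OR 1=1"))     # tautology: every product
    print(dump_schema_via_injection(db))
    print(dump_users_via_injection(db))
    print(rejected_by_fixed(db, "2 OR 1=1"))     # True: never reaches the database
```

The tautology and UNION payloads are the standard first two probes for a parameter like c; if the tautology changes the number of rows returned, the parameter is injectable, and the UNION then enumerates the schema. The fix is not escaping or filtering keywords but the combination shown in lookup_fixed: a type check appropriate to the parameter followed by a bound parameter.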
The Ozio Gallery 2 component for Joomla is vulnerable to an open mail relay and to directory traversal. The open mail relay allows an attacker to have the vulnerable server send email to any address. The directory traversal allows an attacker to make the thumbnail generator read any file on the server, so the contents of arbitrary files can be retrieved in the form of generated thumbnails.
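The traversal arises because a user-supplied image path is joined to the gallery directory without checking that the result stays inside it. The check below is an added illustration of how a thumbnail generator should resolve such a path; it is not Ozio Gallery code, and the gallery root directory is an assumed value.

```python
import posixpath

# Assumed gallery directory; any real value would come from the component's config.
GALLERY_ROOT = "/var/www/html/images/gallery"


def resolve_thumbnail_source(user_path, root=GALLERY_ROOT):
    """Return the file the thumbnailer may read, or None if the request escapes root.

    Run this after URL decoding: "%2e%2e%2f" must already have become "../"
    by the time it reaches here, otherwise the check sees a harmless string.
    """
    if not user_path:
        return None
    if "\x00" in user_path:
        # A NUL byte lets some runtimes truncate the path after the check.
        return None
    if user_path.startswith("/"):
        # posixpath.join discards root when the second part is absolute.
        return None
    root = root.rstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, user_path))
    # After normalisation the path must still be strictly below root. Comparing
    # against root + "/" also blocks sibling directories such as root + "2".
    if not candidate.startswith(root + "/"):
        return None
    return candidate


def traversal_probe_results(root=GALLERY_ROOT):
    # Constructed probe set: the kind of inputs a tester sends to the image parameter.
    probes = [
        "2009/beach.jpg",
        "../../../../etc/passwd",
        "2009/../../config.php",
        "/etc/passwd",
        "a/b/../c.jpg",
        "x\x00.jpg",
    ]
    return {p: resolve_thumbnail_source(p, root) for p in probes}


if __name__ == "__main__":
    for probe, result in traversal_probe_results().items():
        print(repr(probe), "->", result)
```

On a live filesystem the same comparison should be done on the result of os.path.realpath so that symlinks inside the gallery directory cannot point back out of it; posixpath is used here so the example has no filesystem dependency and behaves the same on every platform.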
As a user, register an account and go to the profile page. Insert a malicious script or an XSS shell payload into the 'What's on your mind PRO module' field; the value is stored without sanitisation and is executed in the browser of anyone who views the profile.
A boundary condition error in H264WebCam 3.7 allows remote attackers to cause a denial of service (HTTP server process termination) via a crafted request.