This software comes with an admin panel form where you can check the number of listing and do the options like edit/delete. Admin can set email setting form the admin panel. Upload information of your travel country wise. Admin can upload hotel and travel details for each country like hotel photo, rates, hotel location, hotel facilities from admin panel so that visitors to the website can see all these when they log on to website. The vulnerability is a SQLi vulnerability and the demo URL is http://server/traveldemo/tour_packages.asp?country=[sqli], http://server/traveldemo/hoteldetails.asp?id=[sqli], http://server/traveldemo/tourdetails.asp?id=[sqli], http://server/traveldemo/viewnews.asp?id=[sqli].
Pithcms 0.9.5 is vulnerable to a local include exploit. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server, containing an arbitrary file path in the 'lang' parameter. This will allow the attacker to read the contents of the file, such as the /etc/passwd file.
DMSEasy0.9.7 is vulnerable to an arbitrary file upload vulnerability due to improper validation of user-supplied input. An attacker can exploit this vulnerability to upload malicious files to the web server and execute arbitrary code.
None
Rosoft Audio Converter 4.4.4 is vulnerable to a buffer overflow vulnerability when a malicious file is opened in the audio converter and saved. This can be exploited to execute arbitrary code by creating a malicious file and opening it in the audio converter, selecting save. The exploit code contains a shellcode that executes calc.exe, but it can be changed for Windows 7.
2daybiz online classified system allows users to post new ads, for which a predefined amount can be charged. The SQL Injection vulnerability can be exploited by sending malicious SQL queries to the application, while the XSS vulnerability can be exploited by sending malicious JavaScript code to the application.
Nakid CMS is vulnerable to a remote arbitrary file upload vulnerability due to improper validation of user-supplied input. An attacker can exploit this vulnerability by uploading malicious files to the server, which can be used to execute arbitrary code on the server. The vulnerability exists in the 'config.php' file, which is located in the 'includes/js/fckeditor/editor/filemanager/connectors/php/' directory. The 'config.php' file contains the following code: '$Config['Enabled'] = true ;' and '$Config['UserFilesPath'] = '/nakid_uploads/' ;'. This allows an attacker to upload arbitrary files to the server, which can be used to execute arbitrary code.
PHPAuctionSystem had various vulnerablities which was found. The exploit involves registering as a user, going to the 'sell an item' option, posting malicious code in the item description, and then checking the item to execute the malicious code and upload a shell.
ASPTR.NET is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'Uye.asp' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information, such as usernames and passwords, and can also lead to the execution of arbitrary SQL commands.
This exploit allows an attacker to include a malicious script on the vulnerable server by manipulating the tpl_base_dir parameter in the commentform.php file.
Services By CQR