Yamamah Photo Gallery 1.00 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and extract sensitive information such as usernames and passwords.
A SQL injection vulnerability exists in Eyeland Studio Inc. software. An attacker can send a malicious SQL query to the vulnerable parameter 'id' in the 'play.php' script to execute arbitrary SQL commands on the underlying database.
UTStats is affected by XSS, SQL Injection and Full Path Disclosure vulnerabilities in all recent versions. XSS can be exploited by sending a malicious payload to pages/match_report.php?mid=, SQL Injection by sending a malicious payload to index.php?p=matchp&pid=', and Full Path Disclosure by sending a malicious payload to pages/servers_info.php.
This is a remote code execution vulnerability in Unreal3.2.8.1. It allows an attacker to execute arbitrary code on the vulnerable system by sending specially crafted payloads to the Unreal3.2.8.1 server. The payloads can be used to download and execute malicious code, delete files, or shut down the server.
Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Remote System Init vulnerability allows the attacker to reset the system by entering the page (.php.lock). Cross Site Request Forgery (CSRF) is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. SQL Injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
This is the LiteSpeed Technologies Web Server Remote Source Code Disclosure zero-day exploit, discovered and exploited by Kingcope in June 2010. The exploit allows an attacker to remotely access the source code of a file on the server. The exploit works by sending a specially crafted HTTP request with a null byte at the end of the file name. The server then responds with the source code of the requested file.
Yamamah 1.0 is vulnerable to a blind SQL injection vulnerability. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'calbums' in the URL. For example, http://target/path/?calbums=1+and+1=1-- can be used to exploit this vulnerability.
The Infront software is vulnerable to a SQL injection attack. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. The request contains a malicious SQL query that can be used to extract sensitive information from the database, such as user credentials. The vulnerable file is breaking_news.php and the exploit code is http://target/path/breaking_news.php?newsid=union select 1,2,3,concat(email,0x3e,user,0x3e,pass),5,6+FROM+login. After exploiting the vulnerability, the attacker can log in to the server using the extracted credentials.
An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable application. The malicious query can be sent via the 'userid' parameter in the 'userinfo.php' page. An attacker can also exploit this vulnerability by sending a malicious XSS payload to the vulnerable application. The malicious payload can be sent via the 'msg' parameter in the 'notice.php' page.
Manage payroll and track leave/sickness-absence/travel. Manage all forms of out-of-office notifications. Integrated timekeeping systems/payroll calculations.