A Blind SQL Injection vulnerability was discovered in Joomla Component ChronoForms (com_chronocontact). The vulnerability is triggered when an attacker sends malicious input to the vulnerable parameter 'itemid' in the URL. This can allow an attacker to gain access to sensitive information from the database.
ChronoConnectivity for Joomla 1.5 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'itemid' in the URL. This can allow the attacker to gain access to the database and potentially gain access to sensitive information.
Delivering Digital Media CMS is vulnerable to a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a specially crafted SQL query that can be used to extract sensitive information from the database, such as usernames and passwords. The vulnerable parameter is the ‘edicion_id’ parameter in the ‘index.php’ file. An example exploit request is http://[site]/sitio/index.php?edicion_id=1&categoria_id=1&origen_id=1&articulo_id=-1+union+select+1,2,3,4,GROUP_concat%28user_id,0x3a,username,0x3a,password%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+sys_user--
Hexjector is vulnerable to persistent XSS due to the lack of filtering of the $url2 parameter in line 91. An attacker can insert malicious JavaScript, HTML, or other code into the File Dump Created. There are a few variations for to exploit this, such as using XSS codes directly in a XSS vulnerable site, using XSS codes directly, using SiXSS to generate a XSS code in a SQL Injection vulnerable site, or including XSS code after the vulnerable parameter in a SQL Injection vulnerable site.
XFTP 3.0 Build 0239 is vulnerable to a buffer overflow when handling a long filename retrieved using "LIST". An attacker can exploit this vulnerability by serving a malicious response as a FTP server, and tricking the victim into double clicking on the filename.
Musicbox is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This exploit is for Mediacoder v0.7.3.4672. It is a SEH exploit which uses a buffer overflow vulnerability to execute malicious code. The malicious code is written in Python and is used to create a malicious .m3u file which contains the malicious code.
An attacker can use c99-shellcode, for example, to exploit a vulnerability in the banned.php file of the Visitor Logger application. The vulnerability exists in lines three to four of the file, where the application includes a file from the VL_include_path parameter without proper validation.
e107 0.7.21 is vulnerable to a Remote File Inclusion vulnerability due to a lack of proper sanitization of user-supplied input. This allows an attacker to include a remote file, usually through a malicious URL, containing arbitrary code and execute it in the context of the webserver process.
QuickTalk v1.2 is vulnerable to multiple security issues, including source code disclosure and XSS. An attacker can exploit these vulnerabilities to gain access to sensitive information and execute malicious scripts in the browser of an unsuspecting user.
Services By CQR