The vulnerability is located in the "product_desc.php" file, where the "id" parameter is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
A Path Traversal attack aims to access files and directories that are stored outside the web root folder. By browsing the application, the attacker looks for absolute links to files stored on the web server. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and their variations, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration and critical system files, limited by system operational access control. The attacker uses “../” sequences to move up to the root directory, thus permitting navigation through the file system.
IP2Location.dll v1.0.0.1 Initialize() Buffer Overflow is a vulnerability found and coded by sinn3r. It was discovered in the IP2Location.dll v1.0.0.1 library, which is vulnerable to a buffer overflow attack. The vulnerability can be exploited by constructing a malicious buffer and passing it to the Initialize() function. This will cause the program to crash and potentially allow an attacker to execute arbitrary code.
An attacker can bypass the admin page authentication by appending /login.php to the end of the URL. Additionally, an attacker can download any file in the directory by appending /login.php?action=download&filename= to the end of the URL.
Webiz is a web content management tool (wmt), version 2004. It has a local file upload vulnerability which allows an attacker to upload a malicious shell.php file. The attacker needs administrator rights to exploit this vulnerability.
This tool exploits the SQL injection vulnerability discovered within the Joomla component BF Quiz. It tries to give you the admin password hash.
The vulnerability exists in the Cosmos Solutions CMS, which allows an attacker to inject malicious SQL queries via the 'page' and 'id' parameters in the 'p_inf.php' and 'index.php' scripts respectively.
MileHigh Creative is vulnerable to multiple injection vulnerabilities, including SQL, XSS, and HTML injection. An attacker can exploit these vulnerabilities by crafting malicious input and sending it to the vulnerable application. This can allow the attacker to gain access to sensitive information, execute arbitrary code, and modify the application's data.
A remote file inclusion vulnerability exists in NP_Twitter version 0.8, which allows an attacker to include a remote file by sending a specially crafted request to the vulnerable application. This can be exploited to execute arbitrary PHP code on the vulnerable system.
Marketing Web Design is prone to multiple vulnerabilities, including SQL injection and HTML injection. An attacker can exploit these issues to manipulate SQL queries, access or modify sensitive data, execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site, and possibly launch other attacks.