Explore all Exploits:

Nucleus Plugin Gallery RFI & SQLi Vulnerability

NP_Gallery version 0.94 is vulnerable to Remote File Inclusion and SQL Injection. The Remote File Inclusion is exploited by sending a maliciously crafted HTTP request to the NP_gallery.php file with the DIR_NUCLEUS parameter set to a malicious URL. The SQL Injection is exploited by sending a maliciously crafted HTTP request to the index.php file with the action, name, and type parameters set to plugin, gallery, and album or item respectively, and the id parameter set to a malicious SQL query.

fusebox (ProductList.cfm?CatDisplay) Remote SQL Injection Vulnerability

A vulnerability exists in fusebox (ProductList.cfm?CatDisplay) which allows an attacker to inject arbitrary SQL queries. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL queries to the vulnerable application. This can result in the disclosure of sensitive information from the database, modification of data, or even execution of arbitrary system commands.

YourArcadeScript v2.0b1 Blind SQL Injection Exploit

YourArcadeScript v2.0b1 is vulnerable to Blind SQL Injection due to the lack of input validation in the 'username' parameter in the 'includes/saveregister.php' file. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.

Joomla Component com_jepoll (pollid) SQL Injection Vulnerability

A vulnerability exists in Joomla Component com_jepoll (pollid) which allows an attacker to inject malicious SQL commands into the application. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable application. This can result in the disclosure of sensitive information from the database.

Joomla Component BF Quiz SQL Injection Vulnerability

A SQL injection vulnerability exists in the Joomla Component BF Quiz version 1.3.0. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.

Realtor WebSite System E-Commerce (“all files”.php) SQL Injection Vulnerability

Multiple pages of the Realtor WebSite System E-Commerce are vulnerable to SQL injection attacks. The vulnerable pages are sponsorslist.php, index2.php, venues.php, getpasses_new.php, awards.php, mailing.php, news.php, filmlist.php, calendar.php, gallery.php, contact.php, and all files.php. All of these pages are vulnerable to SQL injection attacks when the idfestival parameter is supplied with malicious input.

VLC Media Player <=1.0.6 Malformed Media File Crash PoC

VLC Media Player version <=1.0.6 is vulnerable to a malformed media file crash. The vulnerability is caused by a boundary error when handling malformed media files and can be exploited to cause a stack-based buffer overflow via an overly long filename in a specially crafted AVI file. Successful exploitation may allow execution of arbitrary code.

Realtor Real Estate Agent (idproperty) SQL Injection Vulnerability

An SQL injection vulnerability exists in Realtor Real Estate Agent (idproperty) which allows an attacker to execute arbitrary SQL commands on the underlying database. This can be exploited to manipulate data, disclose sensitive information, or gain access to the system.
