A vulnerability exists in Realtor WebSite System E-Commerce, which allows an attacker to inject malicious SQL commands into the 'idcourse' parameter of the 'coursedetail_eng.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to gain access to sensitive information from the database.
Toronja CMS is vulnerable to HTML/XSS Injection. An attacker can inject malicious HTML/XSS code into the 'txt_filtro' parameter of the 'index.php' page. This can be exploited to execute arbitrary HTML/XSS code in a user's browser session in the context of an affected site.
An attacker can exploit this vulnerability by injecting malicious SQL queries into the vulnerable parameters of the application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials, or to modify or delete data.
A Local File Inclusion (LFI) vulnerability exists in the Joomla Component MediQnA. The vulnerability is due to insufficient sanitization of user-supplied input in the 'controller' parameter of the 'index.php' script. An attacker can exploit it by sending a malicious HTTP request to the vulnerable script. Successful exploitation allows the attacker to include arbitrary files from the web server, such as the /etc/passwd file, resulting in the disclosure of sensitive information.
A SQL injection vulnerability was discovered in the Hampshire Trading Standards Script. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'id' in the 'tradeCategory.php' script. This can allow the attacker to gain access to the database and potentially execute arbitrary code.
Parlic Design is vulnerable to multiple injection vulnerabilities. An attacker can inject malicious SQL/XSS/HTML code into the 'id' parameter of the vulnerable page. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code, to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, and to access or modify sensitive data.
A buffer overflow vulnerability exists in the ftpd service of FreeBSD 8.0. An attacker can send an overly long username to the ftpd service, which can cause a stack-based buffer overflow and allow the attacker to execute arbitrary code on the vulnerable system.
The vulnerability exists in the GlobalWebTek Design website, which allows an attacker to inject malicious SQL queries into the vulnerable web application. The vulnerable parameters are 'CAT' and 'famid' in the URLs 'productos.php?CAT=' and 'etalle_productos.php?famid='. An attacker can exploit this vulnerability to gain unauthorized access to the database and manipulate the data.
Spaceacre is vulnerable to SQL/HTML/XSS Injection. An attacker can inject malicious SQL/HTML/XSS code into the vulnerable parameter 'catID' of the index.php file. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code, to execute arbitrary HTML code in the browser of the victim and to manipulate the victim's browser to execute malicious XSS code.
A SQL injection vulnerability exists in Multi Vendor Mall, which allows an attacker to execute arbitrary SQL commands on the underlying database. This vulnerability is present in the itemdetail.php and shop.php scripts. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands. This can be done by appending the malicious SQL commands to the itemid or storeid parameter in the URL. For example, an attacker can send a request like http://localhost/[path]/itemdetail.php?itemid=-39 union select 0,1,2,3,4,5,group_concat(EMAIL,0x3a3a,PASSWORD,0x3c62723e),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+members_tbl-- to exploit the vulnerability.