eWebEditor contains a remote file upload vulnerability. An attacker can exploit it by sending a malicious file to the upload.asp page of the application. The file is stored on the server and can then be accessed by appending its name to the uploads/asp/ directory. This can be used to execute arbitrary code on the server.
This vulnerability allows an attacker to upload arbitrary files to the vulnerable server. The vulnerability exists due to insufficient validation of the file extension when uploading files via the FCKeditor file manager. An attacker can exploit this vulnerability by uploading a malicious file with a double extension (e.g. .php.jpg) and then accessing it directly via a web browser.
A vulnerability has been discovered in E-commerce Group (cat.php) which allows an attacker to inject malicious SQL commands into the vulnerable application. The vulnerability is due to the user input not being properly sanitized before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. An attacker can exploit this vulnerability to gain access to sensitive information from the database, modify data, or execute system commands.
A vulnerability in Azimut Technologie allows an attacker to bypass the admin login page by using the username ' or '1=1 and the password ' or '1=1.
The vulnerability exists in the product.php page of Tochin Ecommerce, where an attacker can inject malicious SQL queries or Cross Site Scripting payloads in the product_id parameter.
An attacker can upload a malicious file to the Asset Manager application by appending a malicious file extension to the file name. This can be done by accessing the assetmanager.asp page and uploading the malicious file.
The vulnerability allows an attacker to upload malicious files to the vulnerable server. The attacker can access the vulnerable URL http://[PATH]/tinybrowser/upload.php?type= and upload malicious files to the server.
A vulnerability exists in the Online Job Board script, which allows an attacker to bypass authentication and gain access to the admin panel. This vulnerability works only when magic_quotes_gpc is set to off. The PoC for this vulnerability is to access the admin panel with the following credentials: Admin ID: ' or '1=1, Password: ' or '1=1.
This exploit allows an attacker to upload arbitrary files containing malicious PHP code to a vulnerable cardinalCms 1.2 (fckeditor) application. The vulnerable code is located in the /[path]/html/news_fckeditor/editor/filemanager/upload/php/upload.php file.
Axis2 is a web services/SOAP/WSDL engine, widely used within many commercial products. Procheckup has found that it is vulnerable to a vanilla Cross-Site Scripting (XSS) vulnerability. Axis2 is used within SAP Business Objects 12 and 3Com's IMC network management tool.