Article Factory Manager 1.0.2 is prone to a SQL injection vulnerability.
A vulnerability exists in phpscripte24 Countdown Standart Rückwärts Auktions System, which allows an attacker to inject malicious SQL code into the vulnerable application. This can be exploited to gain access to the database and extract sensitive information such as passwords. The vulnerability is triggered when an attacker sends a specially crafted HTTP request containing malicious SQL code to the vulnerable application.
PHP Link Manager version 1.7 is vulnerable to URL redirection. An attacker can redirect users to a malicious website by crafting a malicious URL.
An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the 'big.asp' script. The malicious query can be used to extract sensitive information from the database, such as user credentials.
The GeoHttpServer remote DoS vulnerability is caused by the password recovery page not properly validating user-supplied passwords. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing an overly long 'id' parameter.
The TFTPUtil GUI server version 1.4.5 is vulnerable to a denial of service that can be triggered by sending a specially crafted request. Discovered by Jeremiah Talamantes at RedTeam Security.
AVCON H323Call is vulnerable to a buffer overflow when a maliciously crafted string is sent to the application. This can be exploited to execute arbitrary code through an SEH overwrite.
An attacker can bypass the authentication process of the Administrador de Contenidos web application by entering ' or '1=1 as the username and password.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'sid' parameter to the '/friend.php' script. A remote attacker can execute arbitrary SQL commands in the application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server, etc.
An attacker can exploit a SQL injection vulnerability in ArticleLive (Interspire Website Publisher) by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials, or even execute arbitrary code on the server.