The Joomla component Table JX is vulnerable to cross-site scripting: malicious JavaScript code can be injected into vulnerable parameters, such as index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0&data_search=[XSS] and index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0?data_search=&rpp=[XSS].
A remote file inclusion vulnerability in CF Image Host 1.1 allows an attacker to upload a malicious file to the server and then execute it, resulting in arbitrary code execution. The vulnerability is caused by insufficient validation of user-supplied input in the "upload.php" script.
The Comersus 8 Shopping Cart is vulnerable to SQL injection and CSRF. By using the combination ' or 1=1 or ''=' the attacker can log in. The attacker can then modify the options that are available.
This exploit targets Urgent Backup 3.20, ABC Backup Pro 5.20 and ABC Backup 5.50. It uses msfvenom to create an evil zip or rar file that binds a shell to port 4444.
A vulnerability in the 'detail.php' script of Webthaiapp allows an attacker to manipulate SQL queries by injecting arbitrary SQL code through the 'cat' parameter. This can be used to access or delete information from the database, or to exploit further vulnerabilities in the underlying system.
Puntal version 2.1.0 is vulnerable to remote file inclusion. The vulnerable code is located in the "index.php" file and is reached when the "page" parameter is passed through the GET method.
The Joomla component com_newsfeeds allows an attacker to inject arbitrary SQL commands by manipulating the 'feedid' parameter in the 'index.php' file. The exploit code shows an example in which the attacker injects a 'UNION SELECT' statement to retrieve the usernames and passwords of the Joomla users.
Full Path Disclosure: A vulnerability in New-CMS allows an attacker to view the full path of the web application. Local File Inclusion: A vulnerability in New-CMS allows an attacker to include a local file in the web application. Persistent XSS: A vulnerability in New-CMS allows an attacker to inject malicious JavaScript code into the web application. XSRF: A vulnerability in New-CMS allows an attacker to perform certain actions on behalf of the user without their knowledge or consent.
AutoDealer is an application aimed at small or independent new or used car dealers who need a way to display and update their inventory online. Backed by an Access database, AutoDealer can store thousands of vehicles in categories with images. The vulnerability is present in two versions: Ver.1 http://server/Auto1/type.asp?iType=[ur injection code] and Ver.2 http://server/auto2/auto2/detail.asp?iPro=[ur injection code]
A vulnerability in Apple Safari 4.0.3 (Win32) allows a remote attacker to cause a denial of service condition. The vulnerability is caused by an error in the handling of CSS tags and can be exploited to crash the user's browser by sending the user a specially crafted HTML page.