TR Forum 1.5 is vulnerable to SQL injection, XSS and reinstallation of admin information. An attacker can exploit these vulnerabilities by sending a malicious SQL query to the application, injecting malicious JavaScript code into the application or reinstalling the admin information.
Your Articles Directory is the most innovative state-of-the-art solution you need to launch a customizable, content-driven web site in the shortest period of time. From user-friendly customization options to an easy content creation process, Your Articles Directory prides itself on content authoring for its users... regardless of technical limitations. By using the combination ' or 1=1 or ''=' in the login option, the attacker can log in: http://server/designs/gator/
An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable application. The crafted query can be sent via the 'cat' parameter in the 'browse.html' page. For example, sending the following payload will reveal the version of the database: -9999+union+all+select+1,2,version(),4,5,6--
A vulnerability exists in AlstraSoft AskMe Pro, where an attacker can inject arbitrary SQL commands into the 'casting_view.php' script. This can be exploited to disclose sensitive information from the database, such as user credentials.
GeneShop 5 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The maliciously crafted request contains a payload that is designed to modify the SQL query executed by the application. This can be used to extract sensitive information from the database or to modify the data stored in the database.
This exploit allows an attacker to add an admin user to the gpEasy CMS by sending a maliciously crafted request to the vulnerable application. The attacker can specify the username, password, and email address of the new admin user. The exploit code provided creates a form with the necessary fields and submits it to the vulnerable application.
A SQL injection vulnerability exists in Joomla Component Wap4Joomla (wapmain.php) which allows an attacker to execute arbitrary SQL commands via the 'option' and 'action' parameters. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can result in the disclosure of sensitive information from the database, such as user credentials, or even the execution of arbitrary code on the underlying operating system.
SoftBizScripts Hosting Script is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, modify data, execute administration operations on the database and in some cases issue commands to the operating system.
This exploit triggers a denial-of-service vulnerability in Safari 4.0.3 and 4.0.4. It is written in JavaScript and causes an infinite loop of iframes to be created, which eventually causes the browser to crash. Other versions of Safari may also be vulnerable.
A SQL injection vulnerability exists in Pligg CMS version 1.0.4 and earlier. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the vulnerable parameter.