Openfoncier 2.00 is vulnerable to remote file include and local file include. An attacker can exploit this vulnerability to include remote files and execute arbitrary code on the vulnerable server. The vulnerability is located in the "index.php" file. The vulnerable code is: include($_GET['page']); The attacker can exploit this vulnerability by sending a malicious URL with the "page" parameter set to a remote file.
Openpresse 1.01 is vulnerable to a local file include vulnerability. This vulnerability allows an attacker to include a file from the local system, which can be used to gain access to sensitive information or execute malicious code. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'dsn[phptype]' parameter in the 'soustab.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing an arbitrary file path in the 'dsn[phptype]' parameter.
LaNewsFactory is a news manager that is affected by many vulnerabilities that allow a guest to write arbitrary files on the system, include local files, read local files etc.
Template Seller Pro 3.25 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'tempid' parameter of the 'fullview.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to the database and disclosure of sensitive information.
A vulnerability was discovered in Easy Scripts Memorial Web Site Script which allows an attacker to delete memorials, pictures, multiple pictures, condoleances, funeral homes, resell and delete users by simply getting the ID of the registered users.
This exploit is for CommView Version 6.1 (Build 636) which is vulnerable to a Local Denial Of Service (BSOD). The exploit is written in C and uses the DeviceIoControl() function to send an IOCTL 0x22200b to the HackSysExtremeVulnerableDriver. This will cause the system to crash.
Excitemedia CMS is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the admin credentials of the application. The exploit uses a union select statement to extract the admin credentials from the members table.
This exploit allows an attacker to gain access to the admin panel of NKINFOWEB by exploiting a SQL injection vulnerability in the 'loadorder.php' file. The exploit is written in Perl and can be used to extract the admin ID, username and password.
A vulnerability exists in AlstraSoft EPay Enterprise v4.13, which allows an attacker to inject arbitrary SQL commands via the 'cid' parameter in shop.htm and shop.php. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords.
A SQL injection vulnerability exists in Memorial Web Site Script, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in 'show_memorial.php'. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords.
Services By CQR