This exploit allows an attacker to execute arbitrary SQL commands on the vulnerable Apache OFBiz application. The exploit is triggered by sending a specially crafted POST request to the EntitySQLProcessor servlet, which contains the malicious SQL command. The malicious command is then executed by the application.
ZykeCMS V1.1 is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted username and password to the login page. The username should be ' or 1=1-- - and the password should be 1. This will allow the attacker to gain admin control of the application.
The local file inclusion vulnerability exists in the login.php page, where the parameter 'idioma' is not properly sanitized before being used in a require() function. This can be exploited to include arbitrary files from local resources. The XSS vulnerability exists in the carga_foto_al.php page, where the parameter 'usuario' is not properly sanitized before being used in an echo() function. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
This exploit triggers a Denial of Service (DoS) vulnerability in PHP 5.3.0. The vulnerability is caused by an integer overflow in the bcpow() function. The exploit code creates a large string of 9s and passes it to the bcpow() function, which causes an integer overflow and results in a crash. The code is written in PHP and was coded by Pejvak.
A vulnerability exists in Joomla Component com_manager 1.5.3, which allows an attacker to inject arbitrary SQL commands. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'id' parameter in an 'index.php?option=com_manager&view=flight&Itemid=[SQL]' URL. This can be used to bypass authentication and gain access to the application.
ilchClan <= 1.0.5B is vulnerable to a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application with the malicious payload. The payload can be used to extract sensitive information from the database such as user credentials.
A vulnerability exists in fckeditor, which allows an attacker to upload arbitrary files to the server. The vulnerability is due to the lack of authentication when uploading files. An attacker can exploit this vulnerability by sending a malicious file to the server and then accessing it directly. This can lead to the execution of arbitrary code on the server.
The BladeCenter management module is a hot-swappable hardware device plugged into the BladeCenter chassis management bay. The management module functions as a system-management processor (service processor) and keyboard, video, and mouse (KVM) multiplexor for blade servers. This device can be remotely rebooted by sending malformed TCP packets.
Camiro-CMS_beta-0.1 is vulnerable to a remote arbitrary file upload vulnerability. This vulnerability exists due to insufficient validation of the file type in the upload.php script. An attacker can exploit this vulnerability to upload arbitrary PHP code and execute it in the context of the webserver process.
60cycleCMS v2.5.2 is vulnerable to multiple local file inclusion vulnerabilities. The vulnerability is located in the 'DOCUMENT_ROOT' parameter of the 'config.php' file. The attacker can include local files with the help of directory traversal techniques.