Softbiz B2B trading Marketplace Script is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a malicious SQL query to the buyers_subcategories.php page with the IndustryID parameter. For example, http://localhost/path/buyers_subcategories.php?IndustryID=1+union+select+1,2,concat(LoginID,0x3d,password)+from+admin-- can be used to extract sensitive information from the database.
RPM Select/Elite v5.0 is vulnerable to a buffer overflow vulnerability when parsing a specially crafted .xml configuration file. The vulnerability is caused due to a boundary error when copying user-supplied data into a fixed-length buffer. This can be exploited to cause a stack-based buffer overflow by e.g. supplying an overly long string in the 'lfFaceName' field. Successful exploitation may allow execution of arbitrary code.
Multiple SQL Injection Vulnerabilities has been found in DRJ-iTop Network Vulnerability Scanner System, which can be exploited by malicious users to conduct SQL injection and script insertion attacks. Authentication is required to exploit these vulnerabilities.
Nucleus CMS is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to view arbitrary files from the affected computer with the privileges of the webserver process. This may aid in further attacks. Nucleus CMS is prone to a local-file-inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to view arbitrary files from the affected computer with the privileges of the webserver process. This may aid in further attacks. Nucleus CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Mocha LPD v1.9 is vulnerable to a remote heap overflow vulnerability. This exploit uses a 'write 4' technique to execute a shellcode that launches calc.exe. The exploit was tested on Windows XP SP1 and uses anti-debugging techniques to hide the payload.
A Local File Inclusion (LFI) vulnerability exists in the Joomla Component BeeHeard Lite version 1.0. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This can allow the attacker to include and execute arbitrary local files on the vulnerable system.
A local file inclusion vulnerability exists in com_blogfactory version 1.1.2. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters to the vulnerable application. This can allow the attacker to include arbitrary local files on the web server.
A local file inclusion vulnerability exists in com_delicious version 0.0.1. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to include a file from a remote server that contains malicious code, which can be executed on the vulnerable system.
A local file inclusion vulnerability exists in Joomla Component JA Comment. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters to the vulnerable application. This can allow the attacker to include a file from the local system or a remote system that is accessible by the vulnerable system.
A Local File Inclusion (LFI) vulnerability exists in the Joomla Component Love Factory version 1.3.4. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a maliciously crafted parameter value which can be used to include arbitrary files from the vulnerable server.
Services By CQR