The vulnerability exists in the com_mediamall version 1.0.4 component of Joomla. An attacker can exploit it by sending a maliciously crafted HTTP request to the vulnerable server. The request contains a specially crafted SQL query, which can be used to extract data from the database. The PoC sends such a request to the server; if the response is true, the server is vulnerable to this attack.
A Local File Inclusion (LFI) vulnerability exists in the com_mtfireeagle version 1.2 component for Joomla. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This can allow the attacker to include arbitrary files from the server, which can lead to the disclosure of sensitive information or the execution of arbitrary code.
A Local File Inclusion (LFI) vulnerability exists in the Joomla Component Photo Battle version 1.0.1. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to include a file from a remote server that contains malicious code, which can be executed on the vulnerable server.
A vulnerability in the Joomla Component S5 Clan Roster allows an attacker to include local files on the server. This is done by sending a specially crafted HTTP request to the vulnerable server containing directory traversal sequences (e.g. '../') and a URL-encoded null byte (%00) at the end of the request. This allows the attacker to read any file on the server that the web server process has access to.
A Local File Inclusion (LFI) vulnerability exists in the com_wgpicasa version 1.0 component for Joomla. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable server. This can allow the attacker to include and execute arbitrary local files on the vulnerable system.
The vulnerability exists in Book Library v1.4.162. Opening a maliciously crafted .bkd file causes a denial of service condition. The malicious file contains a single null byte, which causes the application to crash.
When a user clicks 'New' and then 'Open' in the MovieLibrary application, a new .dmv file is created. When the user then clicks 'File' and 'Import Database', the application will stop responding after about 5 seconds.
YUI Images Script is vulnerable to shell upload. An attacker can upload a malicious file with a .php.giff extension to the server. The malicious file can be accessed at http://127.0.0.1/YUI-upload/html/files/
A vulnerability exists in Magic Uploader Mini Upload, which allows an attacker to upload malicious files on the server. This can be exploited by sending a specially crafted HTTP request with a malicious file to the vulnerable server.
Mihalism Multi Host is vulnerable to an upload vulnerability. An attacker can exploit this vulnerability by sending a malicious file to the server via Tamper Data. The malicious file can be accessed at http://127.0.0.1/Mihalis/images/02j3gul0lkay3ggoz5ci.php.