Plume CMS is a fully functional Content Management System in PHP on top of MySQL. It is vulnerable to Local File Inclusion (LFI) due to the lack of proper input validation in the 'plume/manager/articles.php', 'plume/manager/tools.php' and 'plume/manager/news.php' files. An attacker can exploit this vulnerability to include malicious files from the local system and execute arbitrary code.
The vulnerability allows an attacker to inject malicious JavaScript code into the application via the 'id' parameter in the 'view_ad.php' script. An attacker can also bypass authentication by accessing the 'cpindex.html' page. Additionally, an attacker can access the 'backup' directory without authentication.
A vulnerability exists in the Free Image & File Hosting Upload Vulnerability, which allows an attacker to upload malicious files to the server. This can be exploited by sending a specially crafted HTTP request with a malicious file attached. The attacker can then access the malicious file from the server.
Anyzip is a file compression software developed by TBSoft Inc. It is vulnerable to a SEH overflow vulnerability. An attacker can exploit this vulnerability by crafting a malicious .zip file with a specially crafted payload. When the file is opened, the payload will be executed, allowing the attacker to execute arbitrary code on the target system.
A local file inclusion vulnerability exists in Joomla Component aWiki, which allows an attacker to include a file from the local system. This can be exploited to disclose sensitive information or execute arbitrary code by including malicious files from the local system.
A SQL injection vulnerability exists in Espinas CMS, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'news.asp' page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable page. This can allow the attacker to gain access to sensitive information stored in the database, such as usernames and passwords.
An XSS vulneravility has been discovered in NextGEN Gallery, a very popular and commonly used plugin for the Wordpress content management system commonly found as a blogging platform. This vulnerability results from reflected unsanitized imput that can be crafted into an attack by a malicious user by manipulating the mode parameter of the xml/media-rss.php script.
A SQL injection vulnerability exists in Joomla Component XOBBIX version 1.0.x. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the underlying database.
Juke will Crash when you run this script to make a file with any of the following extensions .xm .nst .s3m .stm .mod. Usage: Run Script -> Add file with + -> Press Play
ShopSystems is a German IT company. They offer webdesign, hosting and training services. One of their most famous products is the software ShopSystem. It is an online shop and allows their customers to offer their products online. Like in other shops it is possible to provide pictures which show the product being offered. By clicking on the image the view gets enlarged (file: view_image.php) and MySQL injection through the ID parameter is possible. Vulnerable URL: http://some-cool-domain.tld/shop/view_image.php?id=XX Exploit vulnerability, e.g. by displaying the current database: http://some-cool-domain.tld/shop/view_image.php?id=XX+AND+1=2+UNION+SELECT+concat(database()),2,3- Note: The MySQL output gets displayed within the image URL, so you have to view the source code of the current page in order to retrieve your information.
Services By CQR