Explore Vulnerabilities

Explore all Exploits:

Joomla Component webERPcustomer Local File Inclusion

webERPcustomer component for Joomla! is prone to a local file-inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to include arbitrary local files from the web server and execute arbitrary code within the context of the vulnerable application.

Joomla Component User Status Local File Inclusion

The component's back end is used to create locations and to assign users to them. Users who are not assigned a location do not show up in the User Status screen. After creating locations and assigning users, an attacker can exploit the vulnerability by sending a crafted URL to the vulnerable application, such as http://127.0.0.1/index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00, which allows the attacker to view sensitive information from the server.

Joomla Component EContent Local File Inclusion

A vulnerability exists in EContent Joomla Component version 1.0.1 which allows an attacker to include a local file by manipulating the 'controller' parameter in a GET request. An attacker can exploit this vulnerability to include a local file, such as the /etc/passwd file, and view its contents.

Simply Sites RGV Local File Inclusion

Simply Sites RGV is vulnerable to local file inclusion. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The request carries a page_id parameter containing a relative path to the file the attacker wants to include. For example, an attacker can send a request like http://127.0.0.1/payment.php?page_id=../../../../../../../../etc/passwd to include the /etc/passwd file.

Joomla Component com_trading Blind SQL Injection Vulnerability

A Blind SQL Injection vulnerability exists in the Joomla Component com_trading. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'id' in the 'showsharedetails' task. An example of the exploit is 'http://127.0.0.1/index.php?option=com_trading&task=showsharedetails&id=1+AND+1=0+UNION+SELECT+1,2,3,4,5,6,7,8,9,10--'

Joomla Component com_tour SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'cid' in the URL. The attacker can use the UNION operator to append the results of a query to the existing query and extract data from the database. For example, an attacker can send the following request to the vulnerable parameter 'cid': -999+UNION+ALL+SELECT+1,2,3,4--

Faweb_2 Multi Vulnerability

Faweb_2 is affected by multiple vulnerabilities, including an upload vulnerability and a bypass vulnerability. The upload vulnerability allows an attacker to upload malicious files to the server, while the bypass vulnerability allows an attacker to bypass authentication and gain access to the admin panel. Both vulnerabilities can be exploited by sending a specially crafted HTTP request to the server.

Recent Exploits: