A SQL injection vulnerability exists in the Joomla Component com_actions. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter actionid. This can allow an attacker to gain access to sensitive information from the database.
An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'parent' in the URL. The malicious query can be sent in the form of '-1+UNION+SELECT+version(),2--' which can be used to extract the version of the database. The attacker can also use this vulnerability to extract other information from the database.
A SQL injection vulnerability exists in the Joomla Component com_television. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'id' in the 'index.php' script. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
A SQL injection vulnerability exists in Joomla Component com_spec. An attacker can send a malicious SQL query to the vulnerable parameter 'pro_id' of the 'index.php' script to execute arbitrary SQL commands in the backend database.
Pepsi CMS (Irmin CMS) pepsi-0.6-BETA2 is vulnerable to multiple local file inclusion vulnerabilities. An attacker can exploit these vulnerabilities to gain access to sensitive information and execute malicious code on the vulnerable system.
An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable parameter 'season' of the 'com_guide' component. The crafted query can be sent via the URL as shown in the example below: http://127.0.0.1/index.php?option=com_guide&season=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12--
A SQL injection vulnerability exists in Powie's PSCRIPT Gästebuch version 2.09 and earlier. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames, passwords, and emails stored in the database.
This is a local crash PoC exploit for xwine v1.0.1 (.exe file). It uses a payload of 'xwine' followed by 4095 A's and then '.exe', which causes the program to crash. The exploit is written in Perl, and xwine can be installed using 'sudo apt-get install xwine'.
By default, comersus.mdb isn't password-protected and contains the following sensitive information: order information (buyer's address, phone, order status, tracking #, obs, etc.), settings (encryption password, admin email, company information, etc.), shipments, etc. That is enough to cause damage to the business if any of that information is obtained.
A stack overflow vulnerability exists in ASX to MP3 Converter Version 3.0.0.100 when a maliciously crafted .asx file is opened. This can be exploited to execute arbitrary code by overwriting the return address on the stack with a pointer to attacker-supplied code. The vulnerability is caused by a boundary error when processing the file.