The vulnerability exists in the ADMP script, which allows an attacker to perform a Local File Include (LFI) attack by manipulating the 'style' parameter in the footer.php file. An attacker can also perform a SQL injection attack by manipulating the 'click' parameter in the bannershow.php file.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server with the vulnerable parameter. This will allow the attacker to execute arbitrary SQL queries on the underlying database, potentially allowing the attacker to gain access to sensitive information such as usernames, passwords, and emails.
Xbtit has a SQL injection vulnerability in the 'index.php' page. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable page. The query will return the first user's ID, username, and password from the 'xbtit_users' table. The query is sent via the 'order' parameter in the URL.
A SQL injection vulnerability exists in the systemsoftware Community Black index.php script, which allows an attacker to execute arbitrary SQL commands via the 'd' parameter in a 'list1' action. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames, passwords, and emails.
A stack buffer overflow vulnerability exists in Mackeitone Media Player when processing specially crafted .m3u files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
This exploit targets a buffer overflow vulnerability in Yahoo Player v1.0 (.m3u) which allows an attacker to overwrite the EIP register and execute arbitrary code. The exploit is triggered by sending a specially crafted .m3u file to the vulnerable application. The exploit code creates a file called 'crash.m3u' which contains the malicious payload.
A vulnerability exists in Azeno CMS which allows an attacker to inject malicious SQL queries via the 'id' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL queries to the vulnerable script. This can result in the disclosure of sensitive information from the database.
This exploit targets a blind SQL injection vulnerability in Joomla's com_races component. It takes the URL of the vulnerable page as an argument and then uses a series of requests to determine the username and password of the administrator. It does this by comparing the length of the response of a request with a true and false condition.
An attacker can exploit a SQL injection vulnerability in the Joomla Component com_comp by sending a maliciously crafted HTTP request to the vulnerable server. The vulnerable parameter is the 'cid' parameter which is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. An attacker can use this vulnerability to gain access to the vulnerable server.
A Local File Inclusion (LFI) vulnerability exists in Joomla Component com_sbsfile. An attacker can exploit this vulnerability to include local files on the server. The vulnerable parameter is 'controller'. An attacker can send a crafted HTTP request with malicious 'controller' parameter to include local files on the server.