A Local File Inclusion (LFI) vulnerability exists in the Joomla component com_juliaportfolio. The vulnerable parameter is ‘controller’, which can be exploited by using ‘../’ to traverse to the parent directory. An attacker can use this vulnerability to include local files on the server, such as /etc/passwd and /proc/self/environ.
A stack buffer overflow vulnerability exists in Media Player Classic StatsReader (.stats file) which could allow an attacker to execute arbitrary code on the vulnerable system. The vulnerability is due to insufficient boundary checks when processing a specially crafted .stats file. An attacker can exploit this vulnerability by enticing a user to open a malicious .stats file.
The FreeBSD and OpenBSD 'ftpd' service is prone to a denial-of-service vulnerability because of a NULL-pointer dereference. Successful exploits may allow remote attackers to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
A vulnerability in the dreamlive Auktionshaus script news.php allows an attacker to inject arbitrary SQL commands via the 'id' parameter. An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious SQL commands to the vulnerable script. This can be done by appending a 'union select' statement to the 'id' parameter, which allows the attacker to extract data from the database.
A SQL injection vulnerability in the Invision Power Board Currency Mod(edit) allows an attacker to update their user to an admin account. The exploit is done by sending a POST request with the user's ID and password hash to the server, which then updates the user's account to an admin account.
Retrieve users' usernames and plaintext passwords.
An SQL injection vulnerability exists in the Joomla Component com_family. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary SQL commands on the underlying database.
The vulnerability exists in the 'com_leader' component of Joomla. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the 'view' task of the component. An example of the malicious query is '-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11 FROM jos_users'. This query will allow the attacker to extract data from the database.
An SQL injection vulnerability exists in the Joomla Component com_start. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'mitID' in the URL. An example of this exploit is http://127.0.0.1/index.php?option=com_start&task=main&mitID=-1/**/UNION/**/SELECT/**/1,concat(username,0x3a,password),3,4/**/FROM/**/jos_users/*
An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the URL. For example, http://127.0.0.1/index.php?option=com_party&view=party&task=details&id=-1/**/UNION/**/SELECT/**/1/**/FROM/**/jos_users/*