osCSS (Open Source E-Commerce Solutions) contains multiple vulnerabilities. An attacker can exploit them by accessing the admin/backups directory and logging in with the credentials admin@localhost and admin. This will allow the attacker to access the database backups of the osCSS Demo Shop.
A database download vulnerability exists in Al Sat Scripti, which allows an attacker to download the database file. The attacker can access the database file by sending a request to the vulnerable URL http://127.0.0.1/ucuzalsat/ucuzalsat.mdb and logging in.
The 'good.php' script is vulnerable to SQL injection and XSS attacks. An attacker can inject malicious SQL code into the 'good_id' parameter to execute arbitrary SQL commands on the underlying database. An attacker can also inject malicious JavaScript code into the 'good_id' parameter to execute arbitrary JavaScript code on the vulnerable web page.
A SQL injection vulnerability exists in phptroubleticket version 2.0 and lower. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.
This is a remote denial-of-service exploit caused by a buffer overflow. It is written in Ruby and was tested on iPod Touch 3G 3.1.3, from GNU/Linux (Sidux) with a future PenTBox version. It contains three exploits: 1 - USER [MALFORMED], 2 - cd [MALF], 3 - delete [MALF].
Majoda CMS contains an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted username and password to the login page. This will allow the attacker to bypass authentication and gain access to the administrative panel.
Baykus Yemek Tarifleri is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
This exploit targets a blind SQL injection vulnerability in the Joomla com_liveticker component. It allows an attacker to extract the username and password of the administrator from the Joomla database. The exploit works by sending a specially crafted HTTP request to the vulnerable component and then analyzing the response time to determine the username and password.
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable Joomla application. This request contains malicious SQL statements that can be used to extract sensitive information from the database, such as usernames and passwords. The exploit code for this vulnerability is available at http://server/index.php?option=com_yanc&Itemid=75&listid=-2+UNION SELECT concat(username,0x3a,password),2+from+jos_users--
WordPress PayPal Pro plugin before 1.1.65 is susceptible to SQL injection via the 'query' parameter, which allows any unauthenticated user to perform SQL queries with the results output to a web page in JSON format.