An SQL injection vulnerability exists in the Ero Auktion 2010 web application: the 'news.php' page passes attacker-controlled input into a database query, which can be exploited to read data from the database, including usernames and passwords.
An SQL injection vulnerability exists in Ero Auktion V.2.0: the 'id' parameter of the 'news.php' script is used in a database query without sanitisation, so a remote attacker can execute arbitrary SQL commands by sending a crafted HTTP request. A union-based example is 'www.site.com/flashauktion/news.php?id=11111111+union+select+1,2,concat%28name,0x3a,password%29,4,5+from+users': the non-existent id 11111111 makes the original query return no row, so the page renders the UNIONed rows instead, and their third column carries each user name and password joined by a colon (0x3a) from the 'users' table.
Ac4p.com Gallery v1.0 contains multiple vulnerabilities: an attacker can upload malicious files, view phpinfo() output, execute XSS payloads, bypass authentication, and abuse insecure cookie handling.
Softbiz Jobs (news_desc.php) is vulnerable to SQL injection via the 'id' parameter of the 'news_desc.php' script. An attacker can exploit it by supplying a specially crafted value for 'id', which can be used to gain access to the application's admin panel.
Netzbrett is vulnerable to database disclosure: the dump.php script can be requested directly, so an attacker who sends a simple GET request for it obtains the database contents, including usernames and passwords.
TimeClock is a free open-source application released under the GPL. Because of an insecure form submission handler, an attacker can craft a form submission to the add_user.php script that adds an administrator user to the application. The issue is reported as remote code execution: the attacker gains administrative access to the application and may from there be able to execute arbitrary code on the server.
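The following is an added example, not TimeClock's own code, modelling the "insecure form submission" pattern behind the add_user.php finding. The advisory does not say which check is missing (authorization of the submitter, CSRF protection, or both), so the hardened handler enforces both. The field names, privilege levels, session shape and in-memory user store are constructed for the demo.

```python
import hmac
import secrets


class UserStore:
    """Constructed in-memory stand-in for the application's user table."""

    def __init__(self):
        self.users = {}

    def add_user_unchecked(self, form):
        """Models add_user.php trusting the posted form: whoever can POST
        username/password/level gets exactly the account they ask for,
        including level=admin, with no session or token involved."""
        self.users[form["username"]] = {
            "password": form["password"],           # real code stores a password hash
            "level": form.get("level", "user"),
        }
        return True

    def add_user(self, form, session):
        """Hardened handler: the submitter must already hold an admin session
        and must present the CSRF token bound to that session."""
        if session.get("level") != "admin":
            return False
        token = session.get("csrf_token", "")
        if not token or not hmac.compare_digest(form.get("csrf_token", ""), token):
            return False
        level = form.get("level", "user")
        if level not in ("user", "admin"):
            return False
        self.users[form["username"]] = {"password": form["password"], "level": level}
        return True


def new_session(level):
    """Constructed login result: a session carrying a per-session CSRF token."""
    return {"level": level, "csrf_token": secrets.token_hex(16)}


def demo():
    store = UserStore()
    attacker_form = {"username": "evil", "password": "pw", "level": "admin"}
    # An unauthenticated POST creates an administrator in the unchecked handler...
    anon_created = store.add_user_unchecked(attacker_form)
    # ...but the hardened handler refuses it without an admin session and token.
    refused = store.add_user(attacker_form, {})
    # A genuine admin, submitting the token from its own session, still succeeds.
    admin = new_session("admin")
    legit = store.add_user(
        {"username": "staff", "password": "pw", "level": "user",
         "csrf_token": admin["csrf_token"]}, admin)
    return anon_created, refused, legit


if __name__ == "__main__":
    print(demo())   # (True, False, True)
```

The `compare_digest` call keeps the token check constant-time; the level allow-list stops a form from smuggling in an unexpected privilege value even when the submitter is an administrator.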
The FlatFile system discloses the admin password to remote attackers: the userlist.txt file is publicly accessible and stores the admin user's password immediately before the admin user name, so anyone who fetches the file obtains the credential.
A Local File Inclusion (LFI) vulnerability exists in the Joomla component com_communitypolls. The 'controller' parameter is used to build the path of a file that is then included, so an attacker can manipulate it (for example with directory traversal sequences) to include arbitrary local files and read sensitive files from the server.
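The following is an added example, not the component's own code, showing the controller-parameter LFI pattern beside an allow-listed fix. It assumes the classic Joomla dispatcher shape, where the script appends '.php' to the parameter and includes the result from the component's controllers directory; the directory layout, file names and contents are constructed in a temporary directory for the demo.

```python
import os
import re
import tempfile


def make_tree():
    """Constructed mini Joomla layout: the component's controller directory
    plus a sensitive file (configuration.php) three levels above it."""
    root = tempfile.mkdtemp()
    ctl_dir = os.path.join(root, "components", "com_communitypolls", "controllers")
    os.makedirs(ctl_dir)
    with open(os.path.join(ctl_dir, "poll.php"), "w") as f:
        f.write("<?php /* poll controller */ ?>")
    with open(os.path.join(root, "configuration.php"), "w") as f:
        f.write("<?php $config_password = 'db-secret'; ?>")
    return root


def controller_dir(root):
    return os.path.join(root, "components", "com_communitypolls", "controllers")


def include_vulnerable(root, controller):
    """Models: require_once(JPATH_COMPONENT.'/controllers/'.$controller.'.php');
    Nothing stops '../' sequences, so any .php file the web server can read
    is pulled in (here: the site's configuration.php with its DB password)."""
    path = os.path.join(controller_dir(root), controller + ".php")
    with open(path) as f:
        return f.read()


def include_fixed(root, controller):
    """Hardened: allow-list the name, then confirm the resolved path is still
    inside the controller directory before touching the filesystem."""
    if not re.fullmatch(r"[a-z][a-z0-9_]*", controller):
        raise ValueError("controller name rejected")
    base = os.path.realpath(controller_dir(root))
    path = os.path.realpath(os.path.join(base, controller + ".php"))
    if os.path.commonpath([base, path]) != base:
        raise ValueError("path escapes controller directory")
    with open(path) as f:
        return f.read()


def fixed_rejects_controller(root, controller):
    try:
        include_fixed(root, controller)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    root = make_tree()
    print(include_vulnerable(root, "poll"))
    print(include_vulnerable(root, "../../../configuration"))   # leaks db-secret
    print(fixed_rejects_controller(root, "../../../configuration"))   # True
```

The traversal value `../../../configuration` works here because the target already ends in `.php`; where the attacker wants a file without that suffix, PHP versions before 5.3.4 could be made to drop the appended suffix with a `%00` null byte. The allow-list regex is the check that matters; the `realpath` comparison is belt-and-braces against names that pass the pattern but resolve elsewhere through symlinks.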
The vulnerability is caused by insufficient filtering of user-supplied data passed via the 'searchstr' parameter to the '/include.php' script. A remote attacker can execute arbitrary SQL commands in the application's database, read or modify sensitive data, cause a denial of service, or exploit vulnerabilities in the underlying database server software.
The PhoneDirectory.php script is vulnerable to SQL injection: the 'ID' parameter of the GET request is used in a database query without sanitisation, so an attacker can pass SQL statements in it and read sensitive information such as user credentials and other data stored in the database.
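The following is an added example, not code from any of the products above, of the union-based extraction technique used in the Ero Auktion 'news.php?id=' payload; the same shape applies to the other numeric-id injections listed here (Softbiz Jobs 'news_desc.php?id=', the 'searchstr' parameter of '/include.php', and PhoneDirectory.php 'ID'). It models the vulnerable concatenated query and its parameterised fix against an in-memory SQLite database with a constructed schema; because SQLite is used, the MySQL expression concat(name,0x3a,password) is written as name||':'||password.

```python
import sqlite3


def build_db():
    """Constructed sample schema; the five news columns match the
    'union select 1,2,...,4,5' shape of the advisory payload."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news(id INTEGER, title TEXT, body TEXT, author TEXT, posted TEXT);
        CREATE TABLE users(name TEXT, password TEXT);
        INSERT INTO news VALUES (1, 'Welcome', 'First post', 'admin', '2010-01-01');
        INSERT INTO users VALUES ('admin', 's3cret'), ('bob', 'hunter2');
    """)
    return db


def news_vulnerable(db, id_param):
    """Models news.php concatenating $_GET['id'] straight into the query."""
    sql = "SELECT id, title, body, author, posted FROM news WHERE id=" + id_param
    return db.execute(sql).fetchall()


def news_fixed(db, id_param):
    """Hardened: enforce the expected type, then bind the value as a parameter."""
    if not id_param.isdigit():
        raise ValueError("id must be a positive integer")
    sql = "SELECT id, title, body, author, posted FROM news WHERE id=?"
    return db.execute(sql, (int(id_param),)).fetchall()


# The advisory payload rewritten for SQLite (0x3a is ':'). The id 11111111
# matches no news row, so only the UNIONed rows come back, and their third
# column, the one the page renders as the article body, carries name:password.
PAYLOAD = "11111111 union select 1,2,name||':'||password,4,5 from users"


def leaked_credentials(db):
    return sorted(row[2] for row in news_vulnerable(db, PAYLOAD))


def fixed_rejects_id(db, id_param):
    try:
        news_fixed(db, id_param)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    db = build_db()
    print("normal:", news_vulnerable(db, "1"))
    print("injected:", leaked_credentials(db))          # ['admin:s3cret', 'bob:hunter2']
    print("fixed rejects payload:", fixed_rejects_id(db, PAYLOAD))   # True
```

The column count in the UNION has to equal that of the original SELECT, which is why the real payloads pad with literals (1, 2, 4, 5) and place the interesting expression in whichever column the page actually displays; binding the value as a typed parameter, as in `news_fixed`, removes the injection regardless of which column that is.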