A vulnerability exists in the validation of input data in 'calendar.php' of vBulletin Version 2.3 which allows an attacker to send SQL requests to the server. An example of such an attack is www.server.som/forumpath/calendar.php?s=&action=edit&eventid=14 union (SELECT allowsmilies, public, userid, '0000-0-0 ', version (), userid FROM calendar_events WHERE eventid = 14) order by eventdate. Additionally, a vulnerability to Version 2 .*.* exists which introduces XSS script tag e-mail.
vBulletin 3.0.0 is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the search.php, forumdisplay.php, newthread.php, and Status fields of the application. This malicious code can be used to steal cookies, hijack user sessions, and redirect users to malicious websites.
OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and contents. A vulnerability exists in the ForceChangePassword.jsp page, where an attacker can inject malicious SQL commands. This can be confirmed by using the commands ' or 'a' = 'a' and or exists (select 1 from sys.dual) and ''x''=''x' which will result in ORA-00907 and ORA-01756 errors respectively.
A denial of service vulnerability exists in Open & Compact FTPd due to improper handling of user authentication requests. An attacker can send a specially crafted user authentication request with an overly long string, resulting in a crash of the service.
ULoki Community Forum v2.1 is vulnerable to Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code into the 'location' parameter of the 'usercp.php' page. This malicious code will be executed in the browser of the victim when the vulnerable page is accessed.
HASHE! Multiple Sql Injection Vulnerability is a vulnerability that allows an attacker to inject malicious SQL code into a vulnerable web application. The attacker can use this vulnerability to gain access to sensitive data, such as user credentials, or to modify the data stored in the database. The vulnerability can be exploited by sending specially crafted SQL queries to the vulnerable web application. The attacker can also use the vulnerability to bypass authentication and gain access to the application's administrative functions.
An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable application. The crafted query can be sent as a parameter in the URL, for example: www.site.com/index.php?do=show&cid=null[Sql Injection]. The attacker can also bypass the Not Acceptable error by sending the following query: www.site.com/index.php?do=show&cid=-NULL'/**/UNION/**/ALL/**/SELECT/**/111,222,333,444,555,CONCAT_WS(CHAR(32,58,32),user(),database(),version())-- -
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'p' parameter of the 'index.php' script. A remote attacker can execute arbitrary PHP code on the vulnerable system by sending a specially crafted HTTP request with a malicious 'p' parameter value. Additionally, an authentication bypass vulnerability exists due to an SQL injection in the 'user' and 'pass' parameters of the 'index.php' script. A remote attacker can bypass authentication and gain access to the 'sh3ll' page by sending a specially crafted HTTP request with malicious 'user' and 'pass' parameter values.
A SQL injection vulnerability was discovered in Zomorrod CMS. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, modify or delete data, or even execute arbitrary system commands.
A buffer overflow vulnerability exists in JIKO, which allows an attacker to execute arbitrary code by supplying a specially crafted .pls file. The vulnerability is caused due to a lack of proper boundary checks when handling user-supplied input. This can be exploited to cause a stack-based buffer overflow by supplying a specially crafted .pls file with an overly long string.
Services By CQR