A directory traversal vulnerability exists in Joomla Component com_jvideodirect. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains a maliciously crafted URL with a directory traversal payload, which allows the attacker to access sensitive files on the server, such as the /etc/passwd file.
A directory traversal vulnerability in the Joomla component com_jcollection allows an attacker to read sensitive files on the server. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'controller' parameter of the 'index.php' script. A remote attacker can send a specially crafted HTTP request containing directory traversal sequences (e.g. '../../../../../../etc/passwd%00') and read arbitrary files from the server.
A SQL injection vulnerability exists in ZeEwAyS ScRiPt, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in the 'product_desc.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can result in the disclosure of sensitive information such as usernames and passwords.
A directory traversal vulnerability exists in Joomla Component com_dashboard, which allows an attacker to read arbitrary files on the server. This vulnerability is due to insufficient sanitization of user-supplied input to the 'controller' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g., '../') to the vulnerable script. This may allow the attacker to read arbitrary files on the server.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'seeMess' parameter to the '/index.php' script. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable website. In addition, the setup.php script is accessible without authentication, which can be used to gain administrative access.
This exploit targets a buffer overflow vulnerability in Real Player version 12.0.0.343. It is triggered by sending a maliciously crafted URL to the application. The URL contains a string of 8000000 'A' characters, which causes the application to crash when it attempts to process the URL.
phpMDJ 1.0.3 is vulnerable to remote SQL injection due to improper sanitization of user input in the 'id' parameter of the 'profile.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. An example of such a request is http://site/path/profile.php?id=-1 union select 1,2,3,mdp,5,6,pseudo,8,9,10,11,12,13,14,15,16 FROM phpmdj_users where id=1--
The PHPCalendars script is vulnerable to XSS via the 'cat' parameter in the product_list.php file. An attacker can inject malicious JavaScript code into the 'cat' parameter, which will be executed in the browser of the victim when the page is loaded.
TermiSBloG V 1.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to admin credentials.
An attacker can inject malicious SQL queries into the vulnerable parameter 'id' of the 'game.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. An example of a malicious URL is http://server/games/game.php?id=-999+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--