The vulnerability exists in the Joomla component com_cartweberp. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains malicious input to the 'controller' parameter which is not properly sanitized before being used to include files. This can allow an attacker to include arbitrary files from the local system and execute arbitrary code on the vulnerable server.
The com_aprice Blind SQL Injection Exploit targets a vulnerability in the com_aprice component of Joomla! CMS. The application does not properly validate user input, so an attacker can inject crafted SQL queries and use them to extract sensitive information from the database.
Football Pool v3.1 is affected by a database disclosure vulnerability. An attacker can access the NFL.mdb database file located in the /data/ directory. The admin page is located at /userLogin.asp.
A vulnerability exists in Service d'upload Version 1.0.0, which allows an attacker to upload a malicious shell to the server. The attacker can then execute arbitrary code on the server.
A buffer overflow vulnerability exists in PlayMeNow 7.4.0.0. A remote attacker could send a specially crafted M3U playlist file to the vulnerable application, causing a buffer overflow that could allow the attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in the 'install.php' script. A remote attacker can create an administrator account on the vulnerable system by accessing the 'install.php' script.
Left 4 Dead Stats suffers from a remote SQL injection vulnerability in player.php.
A SQL injection vulnerability exists in the Events Plugins of WordPress Script (all versions). An attacker can send a maliciously crafted request to the vulnerable script and execute arbitrary SQL commands in the back-end database, allowing for data theft and manipulation.
A vulnerability in the Joomla component com_dailymeals allows an attacker to perform a Local File Inclusion (LFI) attack. This vulnerability is caused by insufficient sanitization of user-supplied input in the 'controller' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable server. This will allow the attacker to include and execute arbitrary local files on the server.
A Cross-Site Scripting (XSS) vulnerability was discovered in AL-Athkat.v2.0. An attacker can exploit this vulnerability to inject malicious JavaScript code into the vulnerable application. This code will be executed in the browser of the victim when the vulnerable page is accessed. The malicious code can access any cookies, session tokens, or other sensitive information retained by the browser and used with the vulnerable application. This may lead to the attacker taking control of the affected user's session.