Ananda Real Estate version 3.4 and below is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'agent' in the 'list.asp' script. An example of a malicious SQL query is '-1 union select username,0,0,0,0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 from user where id like 1'
Pagetool CMS version 1.07 and below is vulnerable to a Remote File Inclusion (RFI) vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a URL pointing to a malicious file hosted on the attacker's server. The malicious file contains malicious code which is then executed on the vulnerable server.
Ultimate PHP Board chat/login.php does not sanatize the $username ($_GET["username"]) variable before writing it to chat/text.php on line 28, arbitrary php code can be written then executed by visiting chat/text.php.
This exploit allows an attacker to inject malicious SQL code into the vulnerable Newsletter MX application. The attacker can then gain access to the application's database and extract sensitive information such as usernames and passwords.
This exploit allows an attacker to inject malicious SQL code into the vulnerable File Upload Manager application. This can be used to gain access to the application's database and extract sensitive information such as usernames and passwords.
A Cross-Site Scripting (XSS) vulnerability exists in ASP.NET web application due to improper input validation. An attacker can inject malicious JavaScript code into the application, which will be executed in the browser of the victim when the vulnerable page is accessed. This can be used to steal session cookies, hijack user sessions, redirect users to malicious websites, etc.
A SQL injection vulnerability exists in the myprofile.asp page of the target application. An attacker can exploit this vulnerability by sending malicious input in the form of a POST request to the vulnerable page. This can allow the attacker to execute arbitrary SQL commands on the underlying database, potentially leading to the disclosure of sensitive information.
A remote SQL injection vulnerability exists in Calendar MX BASIC version 1.0.2. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the back-end database.
Dragon Business Directory is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Enthrallweb ePages is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This can allow the attacker to gain access to the database and extract sensitive information such as usernames and passwords.
Services By CQR