Enthrallweb emates 1.0 contains a remote SQL injection vulnerability. An attacker can exploit it by sending a specially crafted HTTP request to the application. This can give the attacker access to the underlying database and, potentially, to sensitive information.
Enthrallweb eCars 1.0 contains a remote SQL injection vulnerability. An attacker can exploit it by sending a specially crafted SQL query to the application. This can give the attacker access to sensitive information stored in the database, such as user credentials and other confidential data.
Enthrallweb eJobs contains a remote SQL injection vulnerability. An attacker can exploit it by sending a specially crafted HTTP request to the application. This can give the attacker access to the database and allow extraction of sensitive information such as usernames and passwords.
The vulnerability exists due to improper sanitization of user-supplied input in the 'city' and 'aminprice' parameters of the 'result.asp' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
A remote SQL injection vulnerability exists in Enthrallweb ePhotos 1.0. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to the underlying database. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the affected parameter.
This exploit uses the IO::Socket module to send a malicious REST or PBSZ command to the FTP server, causing it to crash.
This exploit allows an attacker to execute arbitrary code on the vulnerable server by including a file from a remote web server through a vulnerable script. The vulnerable code is: require "{$news_cfg['path']}/german.inc.php";
A remote file include vulnerability exists in b2verifauth.php, which allows an attacker to include a remote file. The vulnerable code is: include($index); The $index variable is not sanitized and can be manipulated to include a remote file.
In index.php, the page variable is not sanitized, allowing an attacker to exploit the vulnerability when register_globals is set to on. The PoC example is http://[target]/[path]/index.php?page=../../../../../etc/passwd.
Open Newsletter version 2.x is affected by multiple vulnerabilities, including subscriber email retrieval, credential retrieval and remote command execution. An attacker can exploit these vulnerabilities to gain access to sensitive information and execute arbitrary commands on the vulnerable system.