This exploit allows an attacker to execute arbitrary code on a system running the vulnerable Nitrotech version 0.0.3a. The vulnerability is due to the lack of input validation in the 'date' parameter of the 'index.php' script. An attacker can exploit it by sending a malicious HTTP request with a specially crafted 'date' parameter, which results in arbitrary code execution on the vulnerable system.
Techno Dreams Guestbook v1.0 suffers from a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'key' parameter to the '/MainAnnounce2.asp' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database, gain access to sensitive data, modify the application's data, etc.
A vulnerability exists in PHP My Ring <= 4.2.1 in the cherche.php script, which allows an attacker to inject arbitrary SQL queries. This can be exploited to gain access to the database and potentially gain access to sensitive information.
The Faq Administrator script is vulnerable to Remote File Inclusion (RFI). An attacker can exploit this vulnerability by sending a malicious URL in the 'email' parameter of the faq_reply.php script. This will allow the attacker to execute arbitrary code on the vulnerable server.
Netref 4 (cat_for_aff.php) is vulnerable to source code disclosure. An attacker can exploit this vulnerability by sending a crafted request to the vulnerable script with the parameter 'ad_direct' set to the path of the file to be disclosed. This will allow the attacker to view the source code of the file.
PHPEasyData Pro 2.2.2 is vulnerable to remote SQL injection. This vulnerability allows an attacker to inject malicious SQL queries into the application, which can be used to gain unauthorized access to the application's database. The exploit is triggered when a user submits a specially crafted username and password to the application. The exploit code is written in ASP and uses the ADODB.Connection and ADODB.Recordset objects to connect to the application's database and execute the malicious SQL query.
A vulnerability exists in Simple Website Software v0.99 (common.php) which allows an attacker to include a remote file. This is due to the application not properly sanitizing user-supplied input to the 'SWSDIR' parameter in 'common.php'. An attacker can exploit this vulnerability to include arbitrary remote files, allowing for the execution of arbitrary code on the vulnerable system.
A vulnerability in Free File Hosting version 1.1 allows an attacker to include a remote file on the vulnerable server. This can be exploited to execute arbitrary PHP code by including a malicious file from a remote location.
A vulnerability in Free Image Hosting version 1.0 (forgot_pass.php) allows remote attackers to include arbitrary files via a URL in the 'include_path' parameter.