A vulnerability exists in PHP121 Instant Messenger <= 1.4 due to the insecure usage of $_SESSION[sess_username] variable in php121login.php and other files. An attacker can exploit this vulnerability to execute arbitrary commands on the vulnerable system.
Simplog is vulnerable to remote command execution due to the use of unsanitized user input in the 's' parameter of the 'doc/index.php', 'admin/index.php' and 'admin/index.php' files. An attacker can exploit this vulnerability to execute arbitrary commands on the server.
Clansys 1.1 is vulnerable to a remote SQL injection vulnerability due to the lack of proper input validation. An attacker can exploit this vulnerability by sending a malicious SQL query to the application. This query can be used to extract sensitive information from the database, such as passwords which are stored in plaintext.
This module exploits an arbitrary PHP code execution flaw in the Horde web mail software. This vulnerability is only present in the 'Help Viewer Module'. Horde versions 3.0 up to 3.0.9 and 3.1.0 are vulnerable.
This module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead arbitrary code execution.
XBrite Members version 1.1 and prior are vulnerable to a remote SQL injection vulnerability. If the PHP configuration directive magic_quotes_gpc is set to Off, an attacker can inject arbitrary SQL code into the application by manipulating the 'id' parameter in the 'members.php' script. This can be used to extract the MD5 hashes of all user passwords from the database.
Because of the false implemented userinputs, an attacker can login as admin with a simple SQL injection. Afterward, they can exploit a not validated GET variable to get admin's email and password. The script only verifies if a result is given back, and doesn't check if the entered email and password are the same as the email and password in the database.
This vulnerability is based on a flaw in the PhpOpenChat 3.0.x ADODB Server.php file, which allows an attacker to inject arbitrary SQL commands. This vulnerability is very hard to exploit, however, as it requires a 'root' user with no password, an existent 'test' database and Mysql to have certain rights to write files.
By sending multiple requests to the tmssql.php script, which allow execution of an arbitrary function without arguments, this will cause the Apache process to crash and to consume a large amount of memory.
This module exploits a code execution vulnerability in Mozilla Firefox caused by interleaved calls to document.write and appendChild. This exploit is a metasploit port of the in-the-wild exploit.
Services By CQR