The PHP page internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to carry out SQL injection via a URL in the 'page' parameter.
Dell OpenManage Network Manager exposes a MySQL listener that can be accessed with default credentials. This MySQL service is running as the root user, so an attacker can exploit this configuration to, e.g., deploy a backdoor and escalate privileges into the root account.
AMPPS 2.7 is vulnerable to a denial of service attack. An attacker can send a 'BOOM' string to the target server on port 80, causing the server to crash. This can be done by using a simple Python script.
EdTv 2 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
Electricks eCommerce 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) which allows an attacker to change the admin password. An attacker can craft a malicious HTML page containing a form with the necessary parameters to change the admin password. When the admin visits the malicious page, the form will be automatically submitted and the admin password will be changed.
iServiceOnline 1.0 has an SQL injection vulnerability in the 'r' parameter of the Report/Repair page. An attacker can send a maliciously crafted HTTP request to the application to execute arbitrary SQL commands on the underlying database.
SIPve 0.0.2-R19 is vulnerable to SQL injection. An attacker can inject malicious SQL queries via the 'usuario' and 'idgrupo' parameters in the 'monitorasocAcc.php' and 'getGrupoFuncionLoaded.php' scripts, respectively. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
A SQL injection vulnerability exists in Webiness Inventory 2.3. An attacker can send a specially crafted HTTP POST request to the vulnerable WsModelGrid.php file to execute arbitrary SQL commands and gain access to sensitive information in the back-end database.
Webiness Inventory 2.3 is vulnerable to arbitrary file upload and Cross-Site Request Forgery (CSRF), which allow an attacker to upload a malicious file and add an admin user to the application.
Alive Parish 2.0.4 is vulnerable to SQL Injection and Arbitrary File Upload. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'key' in the 'search' page. An attacker can also upload arbitrary files by sending a malicious POST request to the 'photo' page.