A SQL injection vulnerability exists in Alienor Web Libre 2.0. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information or to manipulate data.
Surreal ToDo 0.6.1.2 is vulnerable to Local File Inclusion. An attacker can send a specially crafted HTTP request containing directory traversal sequences (e.g. '../') to read arbitrary, potentially sensitive files from the web server.
Surreal ToDo 0.6.1.2 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL to the vulnerable application, for example http://localhost/[PATH]/ajax.php?action=lists&page_id=[SQL] or http://localhost/[PATH]/?search=[SQL].
A command injection vulnerability was discovered in evince, a document viewer for multiple document formats. The vulnerability is caused due to the improper sanitization of user-supplied input when handling .cbt files. An attacker can exploit this vulnerability by creating a malicious .cbt file and tricking a user into opening it with evince. This will allow the attacker to execute arbitrary commands on the vulnerable system.
This exploit is a proof of concept for a denial of service vulnerability in CuteFTP Mac 3.1. The vulnerability is triggered when a user pastes a large amount of data into the 'Host', 'User', 'Password' and 'Port' fields of the 'Quick Connect' window. This causes the application to crash.
Two vulnerabilities are described. The first is a CSRF vulnerability that lets an attacker change the target server's root password and execute commands. There is also an XSS vulnerability, which an attacker can chain with the CSRF vulnerability to run malicious JavaScript in the administrator's browser. The root-password change can therefore be triggered through either XSS or CSRF: the attacker creates a website and places the attack code in its source. In the CSRF case, the CWP administrator must visit the attacker's website; in the XSS case, the administrator instead clicks a link on the administrator's own site. The second vulnerability is remote command execution, which can likewise be exploited through either XSS or CSRF in the same way: again the attacker hosts the code on a website, the CSRF variant requires the CWP administrator to visit the attacker's website, and the XSS variant requires the administrator to click a link on the administrator's own site.
Nominas 0.27 is vulnerable to SQL injection in the 'username' parameter of the checklogin.php script. An attacker can exploit this vulnerability to extract information from the database, including the database user, the database name, and the server version. This can be done by sending a specially crafted HTTP POST request to the checklogin.php script with the 'username' parameter set to '%27+UNION+ALL+SELECT+0x31%2C0x32%2C0x33%2CCONCAT_WS%280x203a20%2CUSER%28%29%2CDATABASE%28%29%2CVERSION%28%29%29--+Ver+Ayari'.
This exploit is a proof of concept for a denial of service attack against Mongoose Web Server 6.9. The exploit creates multiple connections to the server and sends a 'BOOM' string to each connection, causing the server to crash.
ServerZilla 1.0 is vulnerable to SQL injection in the 'email' parameter of the reset.php page. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request with malicious SQL code in the 'email' parameter, which can expose sensitive information from the database.
An attacker can exploit a SQL injection vulnerability in GPS Tracking System 2.12 by sending a specially crafted HTTP POST request to the login.php page. The request contains a malicious 'username' parameter which, when processed by the vulnerable application, allows the attacker to bypass authentication and gain access to the application.