Explore all Exploits:

South Gate Inn Online Reservation System 1.0 – ‘q’ SQL Injection

South Gate Inn Online Reservation System 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP POST request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.

K-iwi Framework 1775 – SQL Injection

K-iwi Framework 1775 is vulnerable to SQL Injection. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate or disclose arbitrary data from the database.

SaltOS Erp, Crm 3.1 r8126 – Database File Download

SaltOS Erp, Crm 3.1 r8126 is vulnerable to Database File Download. An attacker can download the saltos.db file which contains the usernames and passwords of the users. This vulnerability can be exploited by sending a specially crafted HTTP request to the vulnerable server.

Modbus Slave 7.0.0 – Denial of Service (PoC)

A buffer overflow vulnerability exists in Modbus Slave 7.0.0 that allows an attacker to cause a denial of service condition by sending a specially crafted request to the vulnerable application. The vulnerability is due to a lack of proper validation of user-supplied input when handling requests.

SaltOS Erp, Crm 3.1 r8126 – SQL Injection

SaltOS Erp, Crm 3.1 r8126 is vulnerable to SQL Injection. An attacker can send a specially crafted HTTP POST request to the vulnerable application to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate or disclose sensitive data.

RhinOS CMS 3.x – Arbitrary File Download

RhinOS CMS 3.x is vulnerable to arbitrary file download due to insufficient validation of user-supplied input. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. This will allow the attacker to download any file from the server.

PayPal/Credit Card/Debit Card Payment 1.0 – SQL Injection

A SQL injection vulnerability exists in the PayPal/Credit Card/Debit Card Payment 1.0 web application. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.

School Attendance Monitoring System 1.0 – SQL Injection

A SQL injection vulnerability exists in School Attendance Monitoring System 1.0, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in the 'index.php' script. The vulnerability is due to the lack of proper sanitization of user-supplied input in that script. An attacker can exploit it by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. Successful exploitation can result in unauthorized access to sensitive information, such as user credentials, and the execution of arbitrary SQL commands.

School Attendance Monitoring System 1.0 – Arbitrary File Upload

School Attendance Monitoring System 1.0 is vulnerable to arbitrary file upload, which allows an attacker to upload a malicious file to the web server and, through it, gain access to the server and execute arbitrary code. The vulnerability exists due to insufficient validation of the uploaded file type. An attacker can exploit this vulnerability by uploading a malicious file with a double extension such as .php.gif, which bypasses the validation.

Recent Exploits: