Apache OFBiz is vulnerable to XML External Entity Injection (XXE) in versions prior to 16.11.04. An attacker can use this vulnerability to disclose files from the server.
LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI.
This exploit is for exim versions < 4.90. It uses a buffer overflow vulnerability to execute arbitrary code on the vulnerable system. It first connects to the exim server, then sends an EHLO command to identify the server. It then attempts to authenticate using the AUTH PLAIN command, and if successful, it sends a specially crafted command to trigger the buffer overflow vulnerability. The exploit then sends a payload to execute arbitrary code on the vulnerable system.
Axioscloud Sissiweb Registro Elettronico is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
A SQL injection vulnerability exists in Fifa Master XLS 2.3.2, which allows an attacker to execute arbitrary SQL commands via the 'usw' parameter in the chat.php script. The vulnerability is due to the lack of proper sanitization of user-supplied input in the 'usw' parameter. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
SG ERP 1.0 is vulnerable to SQL Injection. This vulnerability exists due to insufficient sanitization of user-supplied input in the 'login' and 'senha' parameters of the 'valida_login.php' script. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the application's database.
MGB OpenSource Guestbook 0.7.0.2 is vulnerable to an 'id' SQL Injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.
A SQL injection vulnerability exists in SIM-PKH 2.4.1. An attacker can send a malicious HTTP request to the vulnerable application to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate or disclose sensitive information in the database.
School ERP Pro+Responsive 1.0 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'fid' parameter in the 'student_staff' page. This can be exploited to dump the database contents.
School ERP Pro+Responsive 1.0 is vulnerable to arbitrary file download. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow an attacker to download any file from the server, including sensitive files such as /etc/passwd.
Services By CQR