Super Cms Blog Pro 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'author' in the 'authors_post.php' script. This can allow the attacker to gain access to sensitive information from the database.
Joomla! Component Dutch Auction Factory 2.0.2 is vulnerable to a SQL injection vulnerability in the 'filter_order_Dir' parameter. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter. This can allow the attacker to gain access to sensitive information from the database.
Run the Python exploit script; it will create a new file named 'mre.txt'. Copy the content of 'mre.txt'. Start Beyond Remote Server 2.2.5.3, click 'Configure', then 'Update Options', then 'Proxy Settings'. Paste the content into the 'Proxy Password' field and click 'OK'. This causes the DoS condition.
A SQL injection vulnerability exists in Joomla! Component Auction Factory 4.5.5, which allows an attacker to execute arbitrary SQL commands via the 'filter_order_Dir' and 'filter_order' parameters in a 'listauctions' task. The vulnerability can be exploited by sending a malicious HTTP request to the vulnerable application.
A SQL injection vulnerability exists in Joomla! Component AMGallery 1.2.3 due to improper sanitization of user-supplied input to the 'filter_category_id' parameter. An attacker can leverage this vulnerability to execute arbitrary SQL commands in the context of the application's database.
An attacker can run JavaScript code in a victim user's browser while the victim is replying to a post. The 'videotype' section causes this. To reproduce, go to the thread posting page (newthread.php, enter a title and content), click the 'insert a video' command, select any source and insert any URL, edit the video source with the payload or directly add the code '[video=PAYLOAD]http://victim.com[/video]', and post the thread. When the victim user replies to the post, the victim's browser will run the JavaScript. Vulnerable pages are editpost.php, newreply.php, private.php, and all Visual Editor embedded pages.
LG SuperSignEZ CMS, which many LG SuperSign TVs have built in, is prone to remote code execution due to improper parameter handling. Code to exploit the vulnerability is provided in the text.
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
Collectric CMU is a Swedish-made controller for electrical devices such as car heaters, camping sites, etc., powered by an NGW board running Linux 2.6.30 with a PHP admin interface. Web portal hard-coded credentials: username: sysadmin, password: zoogin. SSH user/root credentials: username: kplc, password: kplc; username: root, password: zoogin. The SSH server is running Dropbear sshd 0.52 (protocol 2.0), which requires diffie-hellman-group1-sha1. MySQL root credentials: username: root, password: sql4u.
A reflected cross-site scripting vulnerability has been discovered in the 'Navigate CMS' web application. The vulnerability is located in the 'fid' parameter of the `navigate.php` action GET method request.