An attacker can exploit this issue to access sensitive information that may lead to further attacks.
BugHunter HTTP Server is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information. Information obtained may lead to further attacks.
The Wrapper.php file in osCommerce contains a local file-include vulnerability caused by inadequate input sanitization. An attacker can exploit it by supplying malicious input to the 'file' parameter in the URL. Successful exploitation could allow the attacker to view sensitive files and execute arbitrary local scripts.
This module exploits a SQL injection vulnerability found in vBulletin 5 that has been used in the wild since March 2013. The module uses the SQL injection to extract the web application's usernames and hashes. With the retrieved information, it tries to log into the admin control panel in order to deploy the PHP payload. This module has been tested successfully on vBulletin Version 5.0.0 Beta 13 over an Ubuntu Linux distribution.
The 'DPA Illuminator' service (DPA_Illuminator.exe) listening on public ports 8090 (tcp/http) and 8453 (tcp/https) is vulnerable. Due to a bundled invoker.war, it exposes the following servlet: http://[host]:8090/invoker/EJBInvokerServlet and https://[host]:8453//invoker/EJBInvokerServlet. The result is remote code execution with NT AUTHORITY\SYSTEM privileges. Proof of concept URLs: http://retrogod.altervista.org/9sg_ejb.html and https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30211.tgz
This exploit allows remote attackers to gain root access on ProFTPd servers. The exploit code is available at the provided link.
FuseTalk is vulnerable to multiple cross-site scripting (XSS) vulnerabilities due to insufficient input sanitization. These vulnerabilities can be exploited by an attacker to steal cookie-based authentication credentials and launch other attacks.
The application fails to sufficiently sanitize user-supplied input, leading to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to steal cookie-based authentication credentials and launch other attacks.
The Comersus Cart is affected by multiple input validation vulnerabilities. An attacker can exploit these vulnerabilities to compromise the application, gain unauthorized access or modify data, and exploit vulnerabilities in the underlying database. Additionally, an attacker can execute arbitrary code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other malicious activities.
The FuseTalk application is prone to an SQL-injection vulnerability. The vulnerability exists because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.