VisualShapers ezContents is prone to an authentication-bypass vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This is a Proof of Concept exploit for the Nabopoll Blind SQL Injection vulnerability. The exploit allows an attacker to extract the MySQL user by manipulating the 'surv' parameter in the 'result.php' page. The exploit iterates through ASCII values of characters to extract the user one character at a time.
The EasySiteNetwork Jokes Complete Website is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are also possible.
Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are also possible.
Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are also possible.
SurgeFTP is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in an administrator's browser session in the context of the affected site. This could potentially allow the attacker to steal cookie-based authentication credentials; other attacks are also possible.
The DBGuestBook 1.1 script is vulnerable to Remote File Inclusion (RFI) attacks. An attacker can exploit this vulnerability by injecting a malicious file path in the 'dbs_base_path' parameter in the following URLs:- http://SITE.com/path/includes/utils.php?dbs_base_path=[SHELL]- http://SITE.com/path/includes/guestbook.php?dbs_base_path=[SHELL]- http://SITE.com/path/includes/views.php?dbs_base_path=[SHELL]By exploiting this vulnerability, the attacker can execute arbitrary code on the server.
The vulnerabilities in Zenoss allow a remote attacker to perform administrative actions, execute arbitrary commands, gain unauthorized access, or delete data through cross-site request forgery attacks. The specific exploits include modifying user settings, executing commands, and performing user commands on devices.
SystemTap is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application.