The 'com_morfeoshow' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Nodesforum is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
The LEADTOOLS Imaging LEADSmtp ActiveX control is prone to a vulnerability caused by an insecure method. Successfully exploiting this issue will allow attackers to create or overwrite files within the context of the affected application (typically Internet Explorer) that uses the ActiveX control. Attackers may execute arbitrary code with user-level privileges.
Blind SQL injection exploit and proof of concept for Xoops All Version -Articles- Print.PHP (ID). The exploit allows an attacker to execute arbitrary SQL queries by injecting malicious code into the 'id' parameter of the print.php page. The proof-of-concept URL demonstrates exploitation of the vulnerability by injecting a UNION SELECT statement. The exploit is written in Perl and uses the IO::Socket module to send HTTP requests to the target server.
This exploit allows an attacker to upload files without authorization and execute remote code on the target system. The vulnerability exists in Cforms version 14.7 and is tracked as CVE-2014-9473. By exploiting it, an attacker can upload malicious files and execute arbitrary code on the target system.
ecommercemajor is a PHP-based CMS for e-commerce portals. It is vulnerable to SQL injection in the 'product.php' file, where the 'productbycat' parameter is not properly filtered before being used in an SQL query. It is also vulnerable to authentication bypass in the 'index.php' file under the '__admin' directory, where the 'username' and 'password' parameters are not properly filtered before being used in an SQL query.
The Sitemagic CMS is prone to a directory-traversal vulnerability that allows an attacker to obtain arbitrary local files by supplying a specially crafted input in the 'SMTpl' parameter of the 'index.php' script. By including '../' sequences in the parameter value, an attacker can traverse the directory structure and access files outside the intended directory.
The Easewe FTP OCX ActiveX control is prone to multiple insecure-method vulnerabilities. Attackers can exploit these issues to perform unauthorized actions or execute arbitrary programs. Successful exploits may result in compromise of affected computers.
The FanUpdate application fails to properly sanitize user-supplied input before using it in dynamically generated content. This allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. By exploiting this vulnerability, an attacker can steal cookie-based authentication credentials and launch other attacks.