This exploit allows an attacker to perform a blind SQL injection attack on the ScriptMagix Photo Rating <= 2.0 (viewcomments.php) script. By exploiting this vulnerability, an attacker can retrieve the username and password of the admin user.
The PHP TopSites application is vulnerable to a cross-site scripting (XSS) and SQL injection vulnerability. The application does not properly sanitize user-supplied data, allowing an attacker to execute arbitrary script code in the context of the affected site. This can lead to various attacks such as stealing authentication credentials, compromising the application, accessing or modifying data, and exploiting vulnerabilities in the underlying database.
Mura CMS is prone to multiple cross-site-scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials; other attacks are also possible.
Cetera eCommerce is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This module exploits a NULL Pointer Dereference in win32k.sys, the vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSendMessageTimeout to achieve arbitrary code execution. This module has been tested successfully on Windows XP SP3, Windows 2003 SP2, Windows 7 SP1 and Windows 2008 32bits. Also on Windows 7 SP1 and Windows 2008 R2 SP1 64 bits.
This exploit allows an attacker to execute SQL queries and retrieve sensitive information from the target system. The vulnerability exists in the index.php file of ScriptMagix Recipes version 2.0 or earlier, specifically in the catid parameter. By manipulating this parameter, an attacker can inject malicious SQL code and retrieve the usernames and passwords of the admin accounts.
This is a local privilege escalation exploit for the Microsoft Windows POSIX Subsystem. It allows an attacker to escalate their privileges on a vulnerable system. The exploit takes advantage of a vulnerability identified as MS04-020. It uses a combination of shellcode and code execution techniques to achieve the privilege escalation.
The 'com_redirect' component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
The 'com_mailto' component for Joomla! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.