This exploit allows an attacker to disclose the admin password of Php-Stats <= 0.1.9.1b through SQL injection. The vulnerability is caused by a lack of proper input validation on the 'ip' parameter, which is passed through the urldecode() and ereg() functions. By injecting malicious SQL code, an attacker can retrieve the admin password in clear text.
This vulnerability allows an attacker to disclose the clear text admin password in Php-Stats version 0.1.9.1b and below. By exploiting the PC-REMOTE-ADDR parameter, an attacker can inject malicious SQL queries and retrieve the admin password.
Joomla! is prone to an information-disclosure vulnerability due to an SQL error. Exploiting this issue can allow attackers to gain access to sensitive information contained in the application's database. Successful exploits may lead to other attacks.
Attackers can exploit this issue to gain administrative access to the affected device and execute arbitrary code with superuser privileges. Successful exploits will lead to the complete compromise of the device.
A local attacker can exploit this issue to cause a denial of service by unmounting any filesystem on the system.
Apache Shiro is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
The Online Work Order Suite is prone to an SQL injection vulnerability. This vulnerability occurs because the application fails to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability to manipulate the SQL queries and potentially gain unauthorized access to the application's database. This could lead to data compromise, unauthorized data modification, or exploitation of other latent vulnerabilities in the underlying database.
Remote exploit for the CA BrightStor msgeng.exe service stack overflow vulnerability. The exploit opens a shell on TCP port 4444. The vulnerability is a stack overflow caused by a strcpy call: the user-supplied data is stored in the heap, and the first DWORD of the RPC stub is used as the source address in the strcpy operation.
An attacker can exploit this issue to bypass certain security restrictions and to obtain sensitive information. Successful exploits will enable the attacker to monitor the incoming and outgoing calls of users in other enterprise groups.
The Douran Portal application fails to properly sanitize user-supplied input, leading to an arbitrary file upload vulnerability and a cross-site scripting vulnerability. Attackers can exploit these vulnerabilities to upload and execute arbitrary ASP code, steal authentication information, execute client-side scripts, and obtain sensitive information.