The vulnerability allows remote attackers to execute arbitrary SQL commands via the 'cid' parameter in the 'index.php' script.
This exploit targets a buffer overflow vulnerability in Samba version 3.0.4 and prior. It allows an attacker to execute arbitrary code by sending a specially crafted HTTP request to the SWAT service.
The vulnerability allows an attacker to perform a remote SQL injection by manipulating the 'cid' parameter in the 'index.php' file. The exploit uses a UNION SELECT statement to extract sensitive information from the 'fusion_users' table, including usernames and passwords.
SugarCRM Community Edition is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The flash-album-gallery plugin for WordPress is vulnerable to a cross-site scripting (XSS) attack due to inadequate sanitization of user-supplied data. An attacker can exploit this vulnerability to inject arbitrary script code that runs in the context of the affected site, potentially allowing the attacker to steal authentication credentials and launch further attacks.
The 1-jquery-photo-gallery-slideshow-flash plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Bug found by ka0x, contact ka0x01@gmail.com
The vulnerabilities in OrangeHRM could allow an attacker to steal authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
An attacker can exploit these issues to crash the application and deny service to legitimate users.
The Oxide WebServer is vulnerable to a directory-traversal attack due to insufficient sanitization of user-supplied input in its web interface. An attacker can exploit this vulnerability to view arbitrary files on the webserver, potentially aiding in further attacks.