The application source code is written in a way that allows maliciously crafted HTML commands to be executed without input validation.
The vulnerability allows an attacker to inject SQL commands.
This is a remote SQL injection exploit for KwsPHP ver 1.0 stats Module. It requires magic_quotes_gpc to be turned off. The exploit allows an attacker to retrieve admin information, including username and password.
The vulnerability allows an attacker to inject SQL commands.
This exploit allows for remote SQL injection in the KwsPHP v1.0 Member_Space Module. It requires magic_quotes_gpc to be turned off.
This exploit allows remote SQL injection in the login.php script of KwsPHP ver 1.0 when magic_quotes_gpc is turned off. It retrieves the admin information including the username and password.
The Joomla! Component Google Map Landkarten version 4.2.3 and below is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting SQL code into the 'cid' parameter in the 'index.php' file. This can lead to unauthorized access to the database and potentially sensitive information leakage.
The Chupix CMS version 0.2.3 is vulnerable to remote file download. The vulnerability exists in the 'download.php' script. An attacker can exploit this vulnerability by manipulating the 'fichier' parameter in the URL to download arbitrary files from the server. This can lead to unauthorized access to sensitive files and information.
The exploit allows an attacker to perform a Denial of Service attack on Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module versions below V4.25. The vulnerability is identified as CVE-2015-5374.
Twig <2.4.4 contains a server-side template injection vulnerability that allows attackers to execute commands supplied in the parameters. By injecting malicious code using the {{COMMAND TO EXECUTE}} syntax instead of normal integer or string values, the attacker can execute arbitrary commands. The vulnerability depends on the application, which takes different parameters via GET or POST.