The mod_visitorsgooglemap module of Visitors Google Map Lite 1.0.1 (FREE) is vulnerable to remote SQL injection. The vulnerability exists in the map_data.php file.
The vulnerability exists in the WebCalendar application due to a failure in properly sanitizing user-supplied input. An attacker can exploit this issue by injecting malicious content into the 'ret' parameter of the 'layers_toggle.php' script. This can lead to the manipulation of web content and potentially deceive users.
WebCalendar is prone to multiple SQL injection vulnerabilities. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The Tour de France Pool for Joomla is vulnerable to a remote file-include vulnerability. The application fails to properly sanitize user-supplied input, allowing an attacker to include and execute arbitrary files remotely. Exploiting this vulnerability can lead to compromise of the application and the underlying system. Other attacks may also be possible.
The Particle Gallery application is prone to a cross-site scripting vulnerability due to inadequate sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other malicious activities.
The News Manager Deluxe software is prone to a local file-include vulnerability due to a failure to properly sanitize user-supplied input. An attacker can exploit this issue to view files and execute local scripts.
Real Estate Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This exploit allows an attacker to remotely disclose files on a system running Xnews 1.0.1. The vulnerability was discovered by r0ut3r and can be exploited by sending a specially crafted request to the server. The exploit has been tested on Xnews 1.0.1.
The WP Ajax Recent Posts WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Services By CQR