Explore Vulnerabilities

Explore all Exploits:

phpBB viewtopic.php Arbitrary Code Execution

This module exploits two arbitrary PHP code execution flaws in the phpBB forum system. The problem is that the 'highlight' parameter in the 'viewtopic.php' script is not verified properly and will allow an attacker to inject arbitrary code via preg_replace(). This vulnerability was introduced in revision 3076, and finally fixed in revision 5166. According to the 'tags' within their tree, this corresponds to versions 2.0.4 through 2.0.15 (inclusive).

Cross-Site Scripting Vulnerabilities in X7 Chat

X7 Chat is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.

X7 Chat multiple cross-site scripting vulnerabilities

X7 Chat is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.

Apple Safari Cross-Domain Information Disclosure Vulnerability

Apple Safari is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain JavaScript restrictions. Exploiting this issue may allow attackers to access locations that a user visits, even if they are in a different domain than the attacker's site. The most common manifestation of this condition would typically be in blogs or forums. Attackers may be able to access potentially sensitive information that would aid in phishing attacks.

Cross-Site Scripting Vulnerability in OTRS

OTRS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Post Affiliate Pro SQL Injection Vulnerability

Post Affiliate Pro is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

WordPress Plugin Popup Anything 2.0.3 – ‘Multiple’ Stored Cross-Site Scripting (XSS)

A low-privileged user can perform stored XSS attacks. Go to the 'Popup Anything - Settings' tab and select 'Simple Link' as 'Link Type'. Select 'Link Text' and use this payload: test" onclick="alert(1). Save the popup and reload the page. Now click on 'Link Text' and it will execute the JavaScript code. The same attack can be exploited with the 'Button Text' and 'Popup width' fields.

MyBB Advanced Forum Signatures (afsignatures-2.0.4)

A SQL injection vulnerability exists in the signature.php file of MyBB Advanced Forum Signatures (afsignatures-2.0.4). An attacker can exploit this vulnerability by sending a specially crafted POST request with malicious SQL code to the signature.php file. This can allow the attacker to gain access to sensitive information stored in the database.

phpMyBitTorrent 2.0.4 SQL injection

The vulnerability exists in phpMyBitTorrent 2.0.4, which is an open source web-based BitTorrent tracker written in PHP and using a MySQL database. The vulnerability allows an attacker to inject arbitrary SQL commands via the 'id' parameter in the 'confirminvite.php' script. The attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.

Recent Exploits: