Alt-N WebAdmin is prone to a buffer overflow condition. This is due to insufficient bounds checking on the USER parameter. Successful exploitation could result in code execution with SYSTEM level privileges.
X7 Chat is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.
The vulnerabilities in GeoClassifieds Lite allow attackers to perform SQL injection and cross-site scripting attacks. These attacks can lead to various consequences such as stealing authentication credentials, compromising the application, accessing or modifying data, and exploiting other vulnerabilities in the database.
Post Affiliate Pro is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
A SQL injection vulnerability exists in the signature.php file of MyBB Advanced Forum Signatures (afsignatures-2.0.4). An attacker can exploit this vulnerability by sending a specially crafted POST request with malicious SQL code to the signature.php file. This can allow the attacker to gain access to sensitive information stored in the database.
The vulnerability exists in phpMyBitTorrent 2.0.4, which is an open source web-based BitTorrent tracker written in PHP and using a MySQL database. The vulnerability allows an attacker to inject arbitrary SQL commands via the 'id' parameter in the 'confirminvite.php' script. The attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
CultBooking suffers from a local file inclusion/disclosure (LFI/FD) vulnerability: input passed through the 'lang' parameter to the cultbooking.php script is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.
This exploit allows an attacker to upload a shell to the vulnerable DoceboLMS AKA SpaghettiLearning <= 2.0.4 web application. The attacker can then execute arbitrary code on the vulnerable system.
ChiCoMaS is a free web-based content management system built on PHP and MySQL, with a full-featured WYSIWYG TinyMCE editor, file management with QuiXplorer, user and group administration to manage access permissions, and backup/restore with integrated MySqlBackupPro. Database information disclosure is possible by accessing http://[URL]/chicomas/config.inc. The latest generated database backups can be accessed at http://[URL]/chicomas/backup. A reflected cross-site scripting (XSS) issue exists in the 'q' parameter of 'index.php' and can be triggered by accessing http://[URL]/chicomas/index.php?q='<script>alert(/www.BugReport.ir/.source)</script>'