The mxBB profile Control Panel module is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer in the context of the webserver process.
ProNews is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues, an SQL-injection issue, and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
A denial of service vulnerability exists in Crob FTP Server 3.6.1 b.263. By sending a specially crafted LIST, NLST and NLST -al command with an overly long string, a remote attacker can cause the server to crash.
KDPics is prone to multiple input-validation vulnerabilities, including cross-site scripting and remote file-include issues, because the application fails to sanitize user-supplied input. A successful exploit may allow unauthorized users to view files, to execute arbitrary scripts within the context of the browser, and to steal cookie-based authentication credentials. Other attacks are also possible.
KDPics is prone to multiple input-validation vulnerabilities, including cross-site scripting and remote file-include issues, because the application fails to sanitize user-supplied input. A successful exploit may allow unauthorized users to view files, to execute arbitrary scripts within the context of the browser, and to steal cookie-based authentication credentials. Other attacks are also possible.
AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify sensitive data, or exploit latent vulnerabilities in the underlying database implementation.
This exploit allows an attacker to execute arbitrary code on the vulnerable server by including a remote file. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'mx_root_path' parameter in the 'includes/newssuite_constants.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the 'mx_root_path' parameter.
AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify sensitive data, or exploit latent vulnerabilities in the underlying database implementation.
Messageriescripthp is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. Messageriescripthp V2.0 is vulnerable to this issue.
Messageriescripthp is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Services By CQR