Article Publisher Pro is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
phpLister is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
RechnungsZentrale V2 is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. An example has been provided: User: ' OR '1'='1 Password: 1
The phpLinks application is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The axoverzicht.cgi script is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Storystream is vulnerable to Remote File Inclusion (RFI) vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. The attacker can execute arbitrary code on the vulnerable server by including malicious files from a remote location. The vulnerable scripts are include/classes/pear/DB/mysql.php and include/classes/pear/DB/mysqli.php. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server.
Coppermine is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts. Version 1.4.4 is vulnerable to this issue; other versions may also be affected.
Neon Responders is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle malformed network packets. This issue allows remote attackers to crash the affected application, denying further service to legitimate users.
MyBB is prone to a vulnerability that permits an attacker to overwrite global variables. This issue is due to a design flaw in handling HTTP GET and POST variables. An attacker can exploit this issue to overwrite the global variables with arbitrary input. Through control of the global variables, the attacker may be able to perform cross-site scripting, SQL-injection, and other attacks.
Manila is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Services By CQR