JGS-Gallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
PHPX is prone to an HTML-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
CubeCart is prone to an arbitrary file-upload vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Oi! Email Marketing System is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Exploitation may also cause a denial-of-service condition.
NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and execute it in the context of the vulnerable webserver. An attacker can also exploit these issues to execute arbitrary HTML or script code in the browser of a victim user in the context of the webserver process. This may facilitate the theft of cookie-based authentication credentials; other attacks are also possible.
Web Calendar Pro is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Exploitation may also cause a denial-of-service condition.
The exploit is a part of VulnDisco Pack which is the private property of GLEG ltd. Company. The Pack with all the software and data contained in it is the intellectual property of the Company and is guarded by intellectual property laws. Purchaser has the rights to use the Pack only under the terms and conditions of this License to the maximum extent permitted by applicable law. Purchaser is allowed to install the Pack on an unlimited number of seats and is not restricted to use the Pack to test the particular IP range. Purchaser is not allowed to disclose the Pack in whole or partly, to disclose any information concerning the Pack or any information derived from the Pack. Purchaser is not allowed to transfer the Pack or any data concerning it (including derived data), anyhow or by any means to third party entities. Purchaser realizes that the Pack is provided as-is without warranty of any kind, including warranties that the Pack suits particular needs, is safe to use, or contains no issues. Purchaser realizes that the Pack contains potentially dangerous software and data and that the Company is not responsible for any damage caused by the Pack or any data contained in it.
Input passed to the "$srcdir" parameter in billing_process.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources. Also, input passed to the "form_id" parameter in billing_process.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.