MultiTheftAuto is prone to multiple vulnerabilities. The first issue can allow an attacker to gain unauthorized access to an administrative file. The second issue can allow an attacker to trigger a crash in the application. MultiTheftAuto 0.5 patch 1 and prior versions are vulnerable to these issues.
PHPMyFAQ is prone to an unauthorized access vulnerability. A remote attacker can exploit this vulnerability to view the application log file. This vulnerability could lead to the disclosure of various valid usernames, which could aid in brute force attacks; information obtained may aid an attacker in further attacks. The following proof of concept is available where [date] is the date of a log file entry: http://www.example.com/phpmyfaq/data/tracking[date]
PHPMyFAQ is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access. It should be noted that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server.
PHPMyFAQ is prone to multiple cross-site scripting vulnerabilities due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. Exploitation of these vulnerabilities may facilitate the theft of cookie-based authentication credentials as well as other attacks.
phpMyFAQ is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in a SQL query. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. phpMyFAQ version 1.5.1 is reported prone to this vulnerability. The following proof of concept is available: switch to the /admin directory, click on the 'forgotten password' feature, user: ' or isnull(1/0) /*, mail: [your_email]
Mall23 is prone to an SQL injection vulnerability due to a lack of proper sanitization of user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
JPortal is prone to an SQL injection vulnerability due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. This could allow an attacker to exploit vulnerabilities in the underlying database implementation, resulting in a compromise of the application, disclosure or modification of data.
PerlDiver is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Multiple Alkalay.net scripts are prone to arbitrary remote command execution vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker can prefix arbitrary commands with the pipe '|' character and have them executed in the context of the Web server process.
Mozilla Browser/Firefox are affected by an arbitrary command-execution vulnerability. This attack would occur in the context of the user running the vulnerable application and may facilitate unauthorized remote access. Mozilla Firefox 1.0.6 running on UNIX-based platforms is reportedly vulnerable. Other versions and applications employing Firefox functionality may be vulnerable as well. Mozilla Browser 1.7.x versions and Thunderbird 1.x versions are also vulnerable to this issue.