DeluxeBB is prone to multiple SQL injection vulnerabilities due to a lack of proper sanitization of user-supplied input before being sent to SQL queries. This could allow an attacker to exploit vulnerabilities in the underlying database implementation, resulting in a compromise of the application, disclosure or modification of data.
Digital Scribe is prone to an SQL injection vulnerability due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by providing malicious input to the application, which can result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Noah's Classifieds is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
ATutor is prone to a remote information disclosure vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to privileged information. A remote attacker can exploit this vulnerability and make repeated GET requests for the chat logs, effectively retrieving all chat archives. Information obtained may aid an attacker in further attacks.
ATutor is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. An attacker can exploit this issue by supplying a specially crafted input to the vulnerable application. The attacker can then use the injected SQL to view, modify or delete data from the database.
MIVA Merchant 5 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Mail-it Now! Upload2Server is prone to an arbitrary file upload vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before uploading files. Successful exploitation will cause the application to execute the file in the security context of the Web server process. This may facilitate unauthorized access; other attacks are also possible.
Land Down Under is prone to multiple SQL injection vulnerabilities due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. This can be exploited by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Subscribe Me Pro is prone to a directory traversal vulnerability due to a lack of proper sanitization of user-supplied input. Exploitation of this vulnerability could lead to a loss of confidentiality as arbitrary files are disclosed to an attacker. Information obtained through this attack may aid in further attacks against the underlying system.
Services By CQR