SoftiaCom WMailserver is prone to a local information disclosure vulnerability. The application stores passwords in the Windows registry. A local attacker may exploit this issue to disclose potentially sensitive information.
PPA is susceptible to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
SPiD is a gallery management application written in PHP. It is prone to a remote file include vulnerability, due to lack of validation of user input. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
ID Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
PunBB is affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input through the user profile edit module of the 'profile.php' script before using it in a SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. This issue may be successfully exploited to gain administrative access to a vulnerable forum.
Comersus Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
PhotoGal is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of this issue will allow an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
PHPAuction is affected by multiple remote vulnerabilities. These issues can allow an attacker to gain unauthorized access to a site and carry out SQL injection and cross-site scripting attacks. An attacker can set a cookie with the name PHPAUCTION_RM_ID and the value of the ID number of the user/admin they want to impersonate to bypass authentication.
Comersus Cart is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
pngren is prone to a remote arbitrary command execution vulnerability. Reportedly, this issue arises when user-specified values are passed to the 'kaiseki.cgi' script. As a result, an attacker can supply arbitrary commands and have them executed in the context of the server. This issue may facilitate unauthorized remote access to the affected computer in the context of the Web server.