Explore Vulnerabilities

Explore all Exploits:

DUforum Multiple SQL Injection Vulnerabilities

DUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

DUpaypal Pro Multiple SQL Injection Vulnerabilities

DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

DUamazon Pro Multiple SQL Injection Vulnerabilities

DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

RaXnet Cacti Remote File Include Vulnerability

RaXnet Cacti is prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'top_graph_header.php' script. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

DUportal Pro Multiple SQL Injection Vulnerabilities

DUportal Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

paFaq SQL Injection Vulnerability

paFaq is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

i-Gallery Cross-Site Scripting Vulnerability

i-Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'folder' parameter of 'folderview.asp'. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site.

paFaq Cross-Site Scripting Vulnerability

paFaq is prone to a cross-site scripting vulnerability due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

i-Gallery Directory Traversal Vulnerability

i-Gallery is prone to a directory traversal vulnerability. This could let remote attackers access files on the computer in the context of the Web server process. An example of the vulnerability is http://www.example.com/gallery/folderview.asp?folder=Sport+Champions/../../../../../../../../winnt/repair/sam

paFaq Unauthorized Access Vulnerability

paFaq is prone to an unauthorized access vulnerability regarding the database. This issue is a result of the application failing to perform access validation on the 'backup.php' script. A remote unauthenticated user can invoke the script and retrieve a complete backup of the application database. A remote attacker could exploit this vulnerability to authenticate to the application using a retrieved administrator username and password hash.

Recent Exploits: