A vulnerability in Skype extension for Firefox BETA 2.2.0.95 allows an attacker to write malicious content to the clipboard of the victim. This can be exploited by an attacker to execute arbitrary code on the victim's system by tricking the victim into pasting the malicious content into a vulnerable application.
Yerba SACphp is prone to a local file-inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to view sensitive files on a vulnerable computer in the context of the webserver process. This may aid in further attacks.
A directory traversal vulnerability exists in MetaGauge version 1.0.0.17 (and potentially below) which allows a remote user to view files local to the target server.
asiCMS alpha 0.208 is vulnerable to multiple remote file inclusion vulnerability. This vulnerability is caused due to the use of user-supplied input without proper validation. An attacker can exploit this vulnerability by sending malicious input to the vulnerable parameter _ENV[asicms][path] in the affected files. This can allow an attacker to execute arbitrary code on the vulnerable system.
A vulnerability exists in the PHP-Fusion Mod triscoop_race_system, which allows an attacker to inject malicious SQL commands into the raceid parameter of the race_details.php page. This can be exploited to gain access to sensitive information such as usernames and passwords.
A remote SQL injection vulnerability exists in the PHP-Fusion Mod recept (kat_id) module. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames, passwords, and emails. The vulnerability is caused by improper sanitization of user-supplied input in the 'kat_id' parameter of the 'recept.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script.
A remote SQL injection vulnerability exists in PHP-Fusion Mod raidtracker_panel. An attacker can exploit this vulnerability to inject malicious SQL queries into the application, allowing them to gain access to sensitive information such as usernames and passwords. The vulnerability is due to insufficient sanitization of user-supplied input to the 'INFO_RAID_ID' parameter in the 'thisraidprogress.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL queries to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information.
An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames, passwords, and emails stored in the database.
FOSS Gallery Public Version <= 1.0 is vulnerable to an arbitrary file upload vulnerability. This vulnerability allows an attacker to upload a malicious file to the web server, which can then be used to execute arbitrary code.
fastpublish CMS version 1.9.9.9.9.d is vulnerable to SQL Injection and File Inclusion. An attacker can exploit this vulnerability by sending malicious SQL queries and file inclusion requests to the vulnerable application. The malicious SQL queries can be sent via the 'q' and 'sprache' parameters in the 'index2.php' script. The malicious file inclusion requests can be sent via the 'artikel' and 'target' parameters in the 'index2.php' and 'index.php' scripts.
Services By CQR