Explore Vulnerabilities

Explore all Exploits:

Aptgp.v1.3.0c Cross Site Scripting Vulnerability

Aptgp.v1.3.0c is vulnerable to Cross Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the webm_email parameter of the webm_stats.php page. This code will be executed in the browser of the victim when they visit the page. The malicious code can be used to steal the victim's session cookie, allowing the attacker to hijack the user's session.

ArticleLive PHP Version 2005.0.0 Cross Site Scripting Vulnerability

ArticleLive PHP Version 2005.0.0 is vulnerable to Cross Site Scripting. An attacker can inject malicious JavaScript code in the username and password fields of the login page. This malicious code will be executed in the browser of the victim when they visit the vulnerable page.

WHOISCART Scripting Vulnerability

A vulnerability exists in the WHOISCART web application, which allows an attacker to execute arbitrary code on the server. The vulnerability is triggered when an attacker sends a specially crafted request to the server, which contains malicious code. The code is then executed on the server, allowing the attacker to gain access to sensitive information or execute arbitrary code.

Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability

The description for this alert is contributed by the GHDB community; it may contain inappropriate language. This is a very basic string found on directory listing pages which show the version of the Apache web server. Hackers can use this information to find vulnerable targets without querying the servers. The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.

FlashChat v3.9.3.1 PHP info Vulnerability

The vulnerability exists in FlashChat v3.9.3.1, which allows an attacker to view the PHP information of the server by accessing the phpinfo.php page. This can be done by accessing the URL http://server/chat/phpinfo.php or http://server/chat/phpinfo.php?php=.

SQL Injection Vulnerability in www.i-escorts.co.uk

A SQL injection vulnerability was discovered in www.i-escorts.co.uk. An attacker can exploit this vulnerability by sending a crafted URL containing malicious SQL code to the vulnerable server. This can allow the attacker to gain access to sensitive information such as passwords, usernames, and other confidential data stored in the database.

XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Vulnerability

The vulnerability exists in XOOPS Module dictionary 2.0.18, which allows an attacker to inject malicious SQL queries via the 'id' parameter in the 'detail.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script, which will then execute the injected SQL query.

LiveZilla Cross Site Scripting Vulnerability

LiveZilla, the Next Generation Live Help / Live Chat and Live Support System, is vulnerable to Cross Site Scripting. The vulnerability exists in the files livezilla/templates/map.tpl and livezilla/map.php, where the parameters lat, lng, and zom are not properly sanitized. An attacker can inject malicious JavaScript code into the parameters, which will be executed in the browser of the victim.

Diesel Job Site 1.4 Multiple Vulnerabilities

The Diesel Job Site 1.4 is vulnerable to XSS, RFI, Admin Bypass, and Bypass Settings. An attacker can exploit these vulnerabilities by sending a malicious payload to the vulnerable parameters in the URL. For example, in the XSS vulnerability, an attacker can send a malicious script in the 'uname' and 'ename' parameters of the URL. For the RFI vulnerability, an attacker can send a malicious payload in the '_COOKIE[lang]' parameter of the URL. For the Admin Bypass vulnerability, an attacker can edit the email for the admin and search for the admin name, then submit the malicious payload in the 'forgot.php' page. Finally, for the Bypass Settings vulnerability, an attacker can send a malicious payload in the 'editsettings.php' page.

UBB.threads 6 RFI Vulnerability

UBB.threads 6 is vulnerable to Remote File Inclusion (RFI) attacks. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The URL references a malicious file, which is then executed on the vulnerable server. This can lead to the attacker gaining access to the server and executing arbitrary code.

Recent Exploits: