A Cross Site Scripting vulnerability exists in IMG2ASCII - Ueli Weiss, which allows remote attackers to inject arbitrary web script or HTML via the dbhost, dbbase, dbuser, and dbpass parameters in install.php, and the ascii.php parameter.
A vulnerability in the file upload Ar Version Upload Shell allows an attacker to upload a malicious file to the server. The vulnerability exists due to insufficient validation of the uploaded file. A remote attacker can upload a malicious file and execute arbitrary code on the target system.
FlatPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'cache' and 'fn' parameters of the 'easytemplate.php' script. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary PHP code on the target system with the privileges of the web server process.
CactuShop v6 is vulnerable to a database disclosure vulnerability. An attacker can access the database by sending a request to the URL http://[target].com/[path]/database/cactushop6.mdb. This will allow the attacker to access the database and view sensitive information.
An attacker can upload a malicious shell to the vulnerable server by exploiting the banner-upload.php page. The malicious shell can be accessed at the banners/sqd/c.php page.
A vulnerability in Upload-Point 1.6 Beta allows an attacker to upload a malicious shell to the web server. The attacker can then use the shell to execute arbitrary code on the server.
An attacker can access the admin/backups directory of the TomatoCart application and view the credentials of the administrator in line 42.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'smarty' parameter of the 'include/libs/internals/core.write_compiled_include.php', 'include/libs/internals/core.process_compiled_include.php' and 'include/libs/plugins/function.config_load.php' scripts. This can be exploited to execute arbitrary PHP code by including a malicious file from a remote location.
A vulnerability exists in SAIBAL DOWNLOAD AREA V.2.0 which allows an attacker to upload a malicious shell on the vulnerable website. The attacker can then use the shell to execute arbitrary commands on the server.