The vulnerability exists in the e-pay script, which allows attackers to include remote files by manipulating the _REQUEST[read] parameter in the following files: popup.php, handle.php, index.php, and a_affil.php.
A Cross-Site Scripting (XSS) vulnerability was discovered in quiz. An attacker can inject arbitrary web script or HTML via the 'index.php' parameter. An attacker can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The vulnerability allows an attacker to bypass the authentication of the PHPShop Version 0.6 application by downloading the phpshop-dist.cfg file and accessing the login credentials in lines 193 and 194.
A Cross-Site Scripting (XSS) vulnerability was discovered in Webring, which allows remote attackers to inject arbitrary web script or HTML via the index.php page. An attacker can exploit this vulnerability by sending a malicious URL to an unsuspecting user. When the user clicks on the URL, the malicious script will be executed in the user's browser.
An attacker can access the backup directory of the jokes application by sending a request to http://server/jokes/admin/backup/dump/
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'by' and 'id' parameters to 'more.php' and 'picture_category.php' scripts. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable website. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
A vulnerability exists in kandalf upper 0.1 which allows an attacker to upload a malicious shell to the server. The attacker can then use the shell to gain access to the server and execute arbitrary code.
vCard PRO 3.1 is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'page' and 'card_id' parameters of the 'newcards.php' and 'create.php' scripts, respectively. This malicious code will be executed in the browser of the victim when the vulnerable page is accessed.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'menu', 'index', 'imagedir', 'currentdir', and 'imageperpage' parameters to the 'index.php' script. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'archiv', 'subcat' and 'Souknaamane[Pic]' parameters of the 'pagenumber.inc.php' script. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.