paFileDB 3.1 is vulnerable to Cross Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'id' parameter of the 'pafiledb.php' script. This code will be executed in the browser of the victim when the malicious URL is visited.
Simple PHP Guestbook suffers an remote access in the guestbook admin file guestbook-admin.php.
Jevonweb Guestbook suffers a remote admin access exploit in setup.php.
A Cross-Site Scripting (XSS) vulnerability was discovered in Ads Electronic Al-System. An attacker can inject malicious JavaScript code into the vulnerable parameter of the thankes.php page, which will be executed in the browser of the victim when the page is loaded.
An attacker can upload a malicious file to the vulnerable server by exploiting the barbo91 uploads Upload Shell Vulnerability. The malicious file can be accessed by the attacker by visiting the URL http://server/barbo91_uploads/ev!l.php
Caricatier 2.5 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the 'CatName' parameter of the 'comment.php' script, the 'CatName' parameter of the 'view_caricatier.php' script, and the 'CatName' parameter of the 'view_caricatier.php' script. This malicious code will be executed in the browser of the victim when the vulnerable page is accessed.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. The vulnerable code is located in the ‘cat_sell.php’ and ‘selloffers.php’ files. An attacker can send a malicious SQL query to the vulnerable application, which will allow the attacker to extract sensitive information from the database, such as usernames and passwords.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' and 'url' parameters to the '/toplist/out.php' script. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable website. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'imx' and 'img' parameters to '/pics-small/imlist.php' script. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable website. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
A Cross-Site Scripting (XSS) vulnerability was discovered in © Winn Guestbook V2.4, Winn.ws. An attacker can inject malicious JavaScript code into the vulnerable parameter of the application, which will be executed in the browser of the victim when the page is loaded.
Services By CQR