The xKiosk WEB script version 3.0.1i is vulnerable to remote file inclusion. The vulnerability allows an attacker to include a remote file by manipulating the 'PEARPATH' parameter in the 'xkurl.php' script. This can lead to arbitrary code execution on the server.
The GDASPAMLib.AntiSpam ActiveX control in G DATA Total Security 25.4.0.3 is vulnerable to a buffer overflow via a long IsBlackListed argument.
This module exploits an argument injection vulnerability in GitList v0.6.0. The vulnerability arises from GitList improperly validating input using the PHP function 'escapeshellarg'.
The Verlihub Control Panel version 1.7 for PHP 4.x is vulnerable to Local File Inclusion. The vulnerability exists due to the lack of proper input validation in the 'page' parameter of the URL. An attacker can exploit this vulnerability by manipulating the 'page' parameter to include arbitrary local files, such as '/etc/passwd'. This can lead to unauthorized access to sensitive information on the server.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
The SQL injection vulnerabilities in WordPress Form Maker Plugin 1.12.24 and below allow unauthorized users to escalate their privileges or access and modify database contents. The vulnerabilities can be exploited by submitting specially crafted forms with malicious SQL statements.
The vulnerability exists in the 'childwindow.inc.php' file of the Poppawid web-based email client. It allows an attacker to include arbitrary files from remote servers by manipulating the 'form' parameter in the URL. This can lead to remote code execution or unauthorized access to sensitive information.
PHP Dashboards is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
iSocial version 1.2.0 is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks. The XSS vulnerability allows an attacker to inject malicious scripts into the website, which can be executed by unsuspecting users. The CSRF vulnerability allows an attacker to perform unauthorized actions on behalf of a victim user, such as changing their email or deleting their account.