
Explore Vulnerabilities


Explore all Exploits:

SkaDate Dating (RFI/LFI/XSS) Multiple Remote Vulnerabilities

SkaDate Dating is affected by multiple remote vulnerabilities: remote file inclusion (RFI), local file inclusion (LFI), and cross-site scripting (XSS). An attacker can exploit them by sending malicious requests to the vulnerable web application, for example with a malicious payload in the 'layout' and 'language_id' parameters. The XSS vulnerability can be exploited by sending a malicious payload in the 'search_string' parameter.

Almond Classifieds Ads (bSQL/XSS) Multiple Remote Vulnerabilities

A Blind SQL Injection vulnerability exists in Almond Classifieds Ads Enterprise. An attacker can send a specially crafted request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can potentially result in the manipulation or disclosure of arbitrary data.

Joomla Component v.7.5 (com_aclassf) Multiple Remote Vulnerabilities

A Blind SQL Injection vulnerability exists in Joomla Component v.7.5 (com_aclassf) which allows an attacker to execute arbitrary SQL commands on the vulnerable system. This can be exploited to gain access to sensitive information such as passwords, usernames, etc. The vulnerability is due to insufficient sanitization of user-supplied input in the 'replid' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL commands to the vulnerable system.

Pixaria Gallery 2.3.5 Remote File Disclosure Exploit

Pixaria Gallery 2.3.5 is vulnerable to a remote file disclosure vulnerability. An attacker can exploit this vulnerability to gain access to sensitive files on the server. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'page' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious 'page' parameter to the vulnerable script. This will allow the attacker to view the contents of any file on the server.

Clip Bucket <= 1.7.1 Insecure Cookie Handling

Clip Bucket versions 1.7.1 and earlier are vulnerable to insecure cookie handling. The vulnerability is due to the application not properly validating cookie values. An attacker can exploit it to gain access to the application and perform malicious activities.

PHP Live! SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'questid' parameter of the 'knowledge_searchm.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive information, such as passwords, stored in the database.

IE findText crash

The following bug was tested on the latest version of Internet Explorer 7/8. When a user clicks on the 'exploit' button, a text field is created with an ID of 'powerhacker' and a value of 'AAAA'. A text range is then created from the text field and a findText method is called with a Unicode string that is longer than the allocated stack memory. This causes a crash in Internet Explorer 7/8.

Deonixscripts Templates Management Version 1.3 SQL Injection Vulnerability

Deonixscripts Templates Management Version 1.3 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

WordPress wp-comments-post.php XSS

This exploit allows an attacker to inject malicious JavaScript code into a WordPress website by using the wp-comments-post.php file. The malicious code is injected into the 'title' or 'content' field of a comment, and is triggered when an administrator or other user with sufficient privileges mouses over the comment. The malicious code can be used to steal cookies, hijack sessions, or perform other malicious activities.

Recent Exploits: