Explore Vulnerabilities

Explore all Exploits:

FunkyASP AD System v1.1 Remote Shell Upload

FunkyASP AD System v1.1 is vulnerable to a remote shell upload vulnerability. An attacker can exploit this vulnerability by adding malicious code to a shell file and uploading it to the vulnerable server. The malicious code can be executed by accessing the uploaded shell file. This vulnerability affects FunkyASP AD System v1.1.

w3bcms Gaestebuch v3.0.0 Blind SQL Injection

w3bcms Gaestebuch v3.0.0 is vulnerable to Blind SQL Injection due to insufficient input validation. The vulnerability exists in the $_POST['spam_id'] parameter in includes/module/book/index.inc.php near line 42. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the underlying database.

Redaxscript 0.2.0 (index.php language) Local File Inclusion Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'language' parameter to the 'index.php' script. A remote attacker can include a file from local resources and execute arbitrary code on the vulnerable system.

moziloCMS 1.11 (LFI/PD/XSS) Multiple Remote Vulnerabilities

moziloCMS 1.11 is vulnerable to Local File Inclusion, Cross Site Scripting and Path Disclosure. An attacker can exploit these vulnerabilities to gain access to sensitive information, execute arbitrary code, and perform other malicious activities.

’68 Classifieds’ Multiple Cross-Site Scripting Vulnerabilities

'68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

’68 Classifieds’ Cross-Site Scripting Vulnerabilities

'68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Atlassian Jira Server Data Center 8.16.0 – Arbitrary File Read

Affected versions of Atlassian Jira Limited Server and Data Center are vulnerable to local file inclusion because they allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.

WordPress Plugin MStore API 2.0.6 – Arbitrary File Upload

This exploit allows an attacker to upload a malicious file to the vulnerable WordPress Plugin MStore API 2.0.6. The vulnerability exists due to the lack of authentication and authorization checks when uploading a file. An attacker can exploit this vulnerability by sending a malicious file to the vulnerable endpoint. This can lead to remote code execution.

WordPress Plugin TheCartPress 1.5.3.6 – Privilege Escalation (Unauthenticated)

TheCartPress <= 1.5.3.6 is vulnerable to unauthenticated privilege escalation. An attacker can exploit this vulnerability by sending a POST request to the /wp-admin/admin-ajax.php endpoint with the action parameter set to tcp_register_and_login_ajax. This will create an administrator account with the credentials specified in the request. This vulnerability can be exploited without authentication.

Recent Exploits: