Top Sites Script is prone to a SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN (being NN the SAP system number) of a host running the 'Message Server' service, part of SAP Netweaver Application Server ABAP. By sending different messages, the different vulnerabilities can be triggered.
Games Site Script is prone to a SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to access or modify critical data, or even to execute system level commands.
Gallery Personals Script is prone to a SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate the queries that are executed on the underlying database, allowing for the manipulation or disclosure of arbitrary data.
chillyCMS uses 302 redirects to restrict access to the unautorized pages. To exploit this vulnerability, create a rule in No-Redirect Add-on: ^http://localhost/chillyCMS/ and access http://localhost/chillyCMS/admin/. For the Arbitrary File Upload vulnerability, create a ZIP file of the files to be uploaded, upload it to the chillyCMS/admin/design.site.php page and access the shell at http://localhost/chillyCMS/tmp/shell.php.
Cometchat is a chat application which in use Vbulletin,Xenforo,SMF,MyBB and other integrated scripts. A security patch appears to have been released to address the issue. The first vulnerability is a code execution vulnerability in the modules/chatrooms/chatrooms.php file, which can be exploited to call all PHP functions and Cometchat functions without arguments. The second vulnerability is an XSS vulnerability in the plugins/handwrite/index.php file, which can be exploited to inject arbitrary HTML and script code into a user's browser.
A directory traversal vulnerability exists in TP-Link TL-WA701N / TL-WA701ND devices. An unauthenticated attacker can send a specially crafted HTTP request to the device to access local files of the device, such as /etc/passwd and /etc/shadow.
Edimax EW-7206APg and EW-7209APg are vulnerable to URL redirection and XSS attacks. The vulnerable parameters are submit-url and wlan-url for URL redirection and DomainName for stored XSS. An attacker can inject malicious scripts into these parameters to exploit the vulnerability.
This module exploits a vulnerability in the Foxit Reader Plugin, it exists in the npFoxitReaderPlugin.dll module. When loading PDF files from remote hosts, overly long query strings within URLs can cause a stack-based buffer overflow, which can be exploited to execute arbitrary code. This exploit has been tested on Windows 7 SP1 with Firefox 18.0 and Foxit Reader version 5.4.4.11281 (npFoxitReaderPlugin.dll version 2.2.1.530).
Ultra Light Forum is a standalone forum developed in PHP and MySQL with high speed and user-friendliness. It allows users to create and delete topics, reply to others topics, and vote in polls. A vulnerability exists in the profile settings, where a malicious user can inject a script into the messages box. If any user views the profile, the script will be executed.
Services By CQR