AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data.An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data.An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The vCard PRO application fails to properly sanitize user-supplied input, allowing an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can lead to the theft of cookie-based authentication credentials and enable other attacks.
The Simplog application is prone to an SQL-injection vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
The Spooky Login application fails to properly sanitize user-supplied input, leading to multiple input-validation vulnerabilities. These vulnerabilities can be exploited by an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
The vulnerability is caused due to the improper verification of uploaded files in '/ip_cms/modules/developer/config_exp_imp/manager.php' script thru the 'manage()' function when importing a configuration file. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in '/file/tmp' directory after successful injection. Permission Developer[Modules exp/imp] is required (parameter 'i_n_2[361]' = on) for successful exploitation.
This exploit takes advantage of a buffer overflow vulnerability in Watermark Master software. By sending a specially crafted input, an attacker can trigger a stack-based buffer overflow, potentially allowing them to execute arbitrary code on the target system.
This module allows an authenticated administrator to export language settings into a PHP script which is intended to be reuploaded later to restore language settings. This feature can be abused to run arbitrary PHP code remotely on the ISPConfig server. The vulnerability was discovered by Brandon Perry.
Creates an .m3u file to exploit a very basic seh bof: junk --> next seh (jmp to shellcode) --> seh (pop3 pop ret) --> shellcode
XSP is prone to a source code information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid in further attacks.