Duhok Forum has a remote file upload vulnerability. Attackers can exploit it by uploading a malicious file to vulnerable pages such as /admin/up_xml.php, /admin/up_style.php, /idara/up_xml.php, and /idara/up_style.php. The malicious file can be uploaded using a tool such as Tamper Data. Once the file is uploaded, the attacker can access it at www.site.com/patch/style/style_shell.php.
Link Protect 1.2 is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'description', 'name', 'email' or 'link' fields of the 'linkcheck.php', 'contact_us.php' and 'signup.php' pages. This malicious code will be executed in the browser of the victim when they visit the vulnerable page.
A vulnerability exists in the 'Orbis CMS' fileman_file_upload.php script that allows any authenticated user to upload a PHP script and then run it without restriction.
A buffer overflow vulnerability exists in Provj 5.1.5.5 when a specially crafted .m3u file is opened. The vulnerability is due to insufficient boundary checks when processing the .m3u file. A malicious user can create a specially crafted .m3u file that, when opened, executes arbitrary code in the context of the application, with the privileges of the user running the application.
The vulnerability exists due to a failure in the 'views/post.php' script to properly sanitize user-supplied input in the 'post_content' variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data. An attacker can use a browser to exploit this vulnerability.
A SEH buffer overflow vulnerability exists in Mediacoder 0.7.5.4792. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This vulnerability is due to a boundary error when handling user-supplied input.
MicroNetSoft RV Dealer Website has two SQL injection vulnerabilities. The first is in the "selStock" parameter of the "search.asp" page and the second is in the "orderBy" parameter of the "showAlllistings.asp" page.
Hanso Player Version 1.4.0 has a buffer overflow vulnerability that is triggered when a specially crafted .m3u file is opened. When the file is opened with the player, it causes a denial of service condition.
A SQL injection vulnerability exists in Site2Nite Big Truck Broker, which allows an attacker to inject malicious SQL code into the 'txtSiteId' parameter of the 'news_default.asp' page. By sending a specially crafted request, an attacker can execute arbitrary SQL commands on the underlying database.
The following XSS is located in the comments section of the CMS skeletonz. XSS exploit, field Name: <script>alert('xss');</script>; field Comment: <script>alert('xss');</script>