An attacker can exploit a Blind SQL Injection vulnerability in Dolphin by sending a maliciously crafted HTTP request to the tags.php page with the action parameter set to a malicious SQL query. An attacker can also exploit a Source Code Disclosure vulnerability in Dolphin by sending a maliciously crafted HTTP request to the gzip_loader.php page with the file parameter set to a malicious file name.
List businesses for sale by owner and broker at prices you determine. 8 pics per listing, advanced Search, detailed listings, full admin control panel. After sales support at no charge. Code: ASP 3.0 & VBScri. The vulnerability is present in the detail.asp page, where the ID parameter is vulnerable to SQL injection.
Newsletter Open Source is an ASP-based online newsletter application. Includes Admin Pak, a former commercial add-on for the application. Commercial Rich Text Editor has been stripped from the Admin Pak. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'qid' in the URL. This can allow the attacker to gain access to sensitive information from the database.
Work smarter with OWOS: Professional Edition, the web-based help desk solution. OWOS Pro helps you simplify support requests, e-mail communication, organize planning and scheduling, and provide powerful access to the information you need. An attacker can bypass authentication by using the pattern ' or 1=1 or ''=''.
Microsoft Access 2000/XPASP web Interface includes all source code and demo data. Punch Card calculates hours from time in to time out and can span across days, Calculates Regular Hours, Overtime Hours and Statutory Hours. Code: ASP 3.0 & VBScript. The vulnerability is an Authentication ByPass Vulnerability with the pattern ' or 1=1 or ''=''. The demo URL is http://server/login.asp.
Unlimited Vacation Rental Listings Vacation Rentals are listed with thumbnail picture, location, price, and link to detail, to allow visitors to quickly browse to the rentals they are interested in. Detailed rental information is displayed to visitors when they click on a rental they are interested in with bigger picture, additional pictures, description, features, additional information, price, location, etc.
A denial of service vulnerability exists in Maxthon 3.0.18.1000 due to a lack of proper validation of user-supplied input when handling CSS styles. An attacker can exploit this vulnerability by creating a specially crafted HTML file containing a large number of 'alink' CSS styles, which can cause the application to crash when the file is opened.
A denial of service vulnerability exists in Quickzip 5.1.8.1, which allows an attacker to crash the program by creating a specially crafted zip file with a filename length shorter than the length specified in the central directory header. In the case of length specified equals 0x7, the program crash when the actual length is smaller than 0x4.
The vulnerability exists in the Azaronline Design web application, which allows an attacker to inject malicious SQL queries via the 'id' parameter in the news.php, sgallery.php, etc. scripts. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious SQL query to the vulnerable parameter. This can allow the attacker to gain access to sensitive information from the database.
MetInfo 3.0 is vulnerable to an arbitrary file upload vulnerability due to improper validation of user-supplied input. An attacker can exploit this vulnerability to upload malicious files to the server, such as a web shell, which can be used to gain remote access to the server.
Services By CQR