Online Photo Pro (formerly known as EPhoto PRO) is the state-of-the-art online photo catalog that allows you to create a professional online catalog in no time. It can be used as a Photo Gallery, Product Catalog, CD Collection, Image Database or anything you can imagine. Online Photo Pro features Auto Category & Photo Listing, Sorting, Independent Message Board for each photo, Comprehensive Stats, Rating, Full Admin Interface and much more. SQL Injection, XSS and HTML Injection vulnerabilities have been identified in the application.
Online Guestbook Pro (formerly known as EGuest PRO) is an award-winning comprehensive guestbook system based on the popular guestbook system EGuest. New features include Image Verification Code, Admin Interfaces, Theme Support, Advanced Search with Highlight, Auto Web/Email Links, IP/Word Banning, Blank Line Protection, 250+ Smileys and much more. It surpasses any other guestbook script, allowing you to have a truly professional guestbook on your website.
TCW PHP Album is prone to a SQL injection vulnerability because it fails to properly sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may compromise the application, disclose sensitive data, modify data, or exploit latent vulnerabilities in the underlying database.
iLister listing script is an extremely powerful and flexible multi-language classifieds software. iLister listing script is your best choice in creating a SEO-friendly classifieds ads website for your visitors to sell anything, from cars to houses, to watches, to pets, to software scripts, or to works of art. If you need a powerful business directory script, iLister is the best choice to build a popular business directory. The exploit is triggered by sending a specially crafted HTTP request to the vulnerable server containing the LFI payload. The payload can be sent to the vulnerable parameter 'action' in the URL http://server/search_results/?action=[LFI]
A SQL injection vulnerability exists in phpaaCms due to improper sanitization of user-supplied input in the 'id' parameter of the 'list.php' script. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the application's database, allowing them to access or modify sensitive data.
This exploit targets a remote buffer overflow vulnerability in the Registry OCX component on Windows XP SP3. It is written in VBScript and uses a NOP sled and a bind shell payload to execute arbitrary code. The payload is encoded in hexadecimal and is injected into the vulnerable component.
Values entered in the search field are not filtered and are inserted into SQL queries without any quoting (no quotes or single quotes), and Simple:Press executes these SQL queries. Exploit code: http://[target]/wp-content/plugins/simple-press/sf-header-forum.php?search=1&value=[SQL]
The solution adopted to avoid SQL Injection flaws is not appropriate, which allows many SQL Injection flaws to remain. The solution consists of converting the query string to uppercase and checking for the presence of the words UNION and SELECT. However, by using C-style comments in the query string, it is possible to bypass the filter.
With SocialAds for JomSocial, an attacker can create Facebook-like demographically targeted ads to show on your JomSocial site. This extension allows advertisers to create their advertisement, target the users they want to show it to, decide whether to pay per impression or per click, and pay online to get the advertisement started right away. An attacker can post XSS scripts in the ad description, which are rendered when visiting the URLs http://server/js/index.php?option=com_socialads&view=showad&Itemid=94 and http://server/js/index.php?option=com_socialads&view=adsummary&Itemid=94&adid=23.
iScripts SocialWare is affected by multiple remote security flaws, such as SQL Injection, Arbitrary File upload, etc. These security flaws DO NOT require authentication. Other files may be vulnerable.