Apple Iphone Pointter is a PHP-based social network platform that lets you create a social network on your website. Right out of the box, your social network will offer nearly all of the features found on today's wildly popular social networks. An attacker can exploit this vulnerability by sending a crafted request to the vulnerable application with malicious input in the 'pid' parameter. This can lead to the disclosure of sensitive information from the server.
Pointter is a PHP-based social network platform that lets you create a social network on your website. Right out of the box, your social network will offer nearly all of the features found on today's wildly popular social networks. The vulnerability is a Local File Inclusion (LFI) vulnerability which allows an attacker to include local files on the server.
MooreAdvice is vulnerable to SQL injection via the 'CatID' parameter in the 'productlist.asp' and 'productdetail.asp' pages. An attacker can inject arbitrary SQL code into the 'CatID' parameter and execute it on the underlying database.
VGM Forbin is vulnerable to SQL injection. An attacker can inject malicious SQL code into the 'ID' parameter of the 'article.asp' page. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
When attackers login with user information, attackers can update their profile by injecting javascript into fields like 'First Name' and 'Title'.
A parameter is not properly sanitised before being used in a SQL query. The id parameter in profile.php is not properly sanitised before being used in a SQL query. That is not the query which selects the information about the user specified by the id parameter but is the query that selects the image's name. The affected query is a query of five fields. When the injected condition is true, in the page will be printed the real link to the personal image of the user specified by the id parameter, otherwise a link to bignophoto.gif.
A numeric field is not properly sanitised before being used in a SQL query. The pid parameter in packagedetails.php is not properly sanitised before being used in a SQL query. Successful exploitation requires that the pid value exists in the database, or rather that is a real package id.
Some fields are not properly sanitised before being used in SQL queries. The comment parameter in add_comments.php is not properly sanitised before being used in a INSERT type SQL query. The values parameter in tags_details.php (search form) is not properly sanitised before used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc"" is disabled. There is a SQL injection that maybe may be exploited bypassing the internal filters in the begin parameter. The affected file is greetings.php."
A permanent XSS vulnerability exists in InterScan Web Security Virtual Appliance 5.0. An attacker can send a specially crafted HTTP request with malicious JavaScript code to the vulnerable application in order to execute arbitrary code in the context of the user's browser. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
MadjiX.m3u Buffer Overflow is a vulnerability in the MadjiX.m3u file which allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability is caused due to a boundary error when handling the file, which can be exploited to cause a stack-based buffer overflow. By sending a specially crafted file to the vulnerable system, an attacker can overwrite the SEH handler and execute arbitrary code on the system.
Services By CQR