The topsite website allows visitors to search for the top-rated websites participating in the topsite program. Webmasters can list their sites for free and in return they receive code for their website. After registering, a webmaster can select the category that best describes the website, add a description, and copy and paste the code for the website. Statistics are provided for each website.
The Webring service offers a place where users can create their own webrings: communities of connected websites that bring more traffic to the members of the ring. With our webring service, users can easily create a free webring that is also displayed on the website homepage, and visitors to the users' webrings can easily add their own website, which is 100% moderated from the members area. This website has enormous traffic potential and features a rotating banner system and newsletter for advertising revenue.
The Hot or Not site is a picture rating website where people can post pictures for others to rate and comment on. The site also features an email system for members to communicate through the website. This is an excellent traffic builder with advertising revenue potential.
Classifieds are an excellent revenue generator that brings sellers and buyers together. With our classifieds site, you can build revenues by offering a service that everyone can use. The classifieds site is a 100% automated site that allows sellers to post ads based on categories. The site comes preprogrammed with PayPal and Stormpay as payment processors using the IPN system for a truly hands-free experience. Sellers create an account and pick one of the packages the admin specifies to post their ads, choosing from standard ads to featured ads that appear on the main webpage. This site also includes a rotating banner management system and newsletter that are easily moderated from the admin area.
2daybiz online classified system allows users to post new ads, for which a predefined amount can be charged. Billing is handled automatically and seamlessly through many of the popular payment gateways. The system is vulnerable to both SQL injection and Cross-Site Scripting (XSS). An attacker can exploit the SQL injection vulnerability by sending malicious SQL queries to the server via the 'cid' parameter in the 'categorysearch.php' script. An attacker can exploit the XSS vulnerability by sending malicious JavaScript code to the server via the 'cid' parameter in the 'categorysearch.php' script.
The Uploader 2.0.4 is vulnerable to a remote file disclosure vulnerability. This vulnerability is due to a lack of proper validation of user-supplied input in the 'filename' parameter of the 'api/download_launch.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This will allow the attacker to view the contents of arbitrary files on the server.
Subtitle Translation Wizard v3.0.0 is vulnerable to an SEH overwrite vulnerability. An attacker can create a malicious .srt file containing a buffer of 10000 'A' characters, which when opened in the application, will cause a denial of service.
JomSocial 1.6.288 is vulnerable to persistent XSS in the status, mobile phone, land phone, state, city, website, college, name, subject and message fields. The XSS can be triggered by entering malicious code in the fields. The XSS is rendered in the tips section of the album listing, admin edit user page, the main JomSocial page in the member's avatar field at the top, affected user's profile, who's online, the wall posts, group discussion replies (but not the initial discussion message), people search results, compose message, write message friend list multiselect, new message notification, inbox (main listing), inbox (while reading message), friends approval list, online users mod, latest members mod, latest groups, group listing, group search results, frontend edit group form, admin edit group modal and the report **** admin page.
A SQL injection vulnerability exists in Alpin CMS, which could allow an attacker to execute arbitrary SQL commands on the vulnerable system. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'e4100.asp' and 'e4200.asp' scripts. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable system. Successful exploitation could result in unauthorized access to sensitive information or allow an attacker to modify data in the back-end database.
A vulnerability has been identified in PHPWCMS, which could be exploited to conduct cross-site request forgery attacks. This issue is caused by input validation errors in the administrative interface when processing HTTP requests, which could be exploited by attackers to manipulate certain data by tricking an administrator into visiting a malicious web page.