QuickOffice v3.1.0 for iPhone/iPod Touch is vulnerable to a remote denial of service triggered by a malformed HTTP method. An attacker can send a specially crafted HTTP request with an invalid method to the server, causing the server to crash. This vulnerability affects QuickOffice Connect v3.1.0 and prior versions.
The E-Book Store web site script, bundled with 120 ebooks with resellers right, is vulnerable to an SQL injection attack. An attacker can inject malicious SQL queries via the 'keyword' parameter in the 'search.php' script.
The Joke Website Script is vulnerable to SQL injection and Cross-Site Scripting. An attacker can inject malicious SQL code into the 'keyword' parameter of the 'search.php' script to execute arbitrary SQL commands in the back-end database. An attacker can also inject malicious JavaScript code into the 'keyword' parameter of the 'search.php' script to execute arbitrary JavaScript code in the browser of the victim.
The Daily Inspirational Quotes Script is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'id' parameter in the 'tellafriend.php' script.
Membership Site Script is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'id' parameter in the 'target/view.php' script.
Lyrics Script is vulnerable to SQL Injection and Cross-Site Scripting. An attacker can inject malicious SQL queries via the 'search' and 'k' parameters in the 'search_results.php' script, and inject arbitrary HTML and script code via the 'k' parameter in the 'search_results.php' script. An attacker can exploit these issues to manipulate SQL queries, steal cookie-based authentication credentials, execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site, and possibly launch other attacks.
Pre Classified Listing is a classified listings script developed in ASP. It features a fully administrator-controlled system in which the admin can control the site setup, users, ads, categories, and more. A SQL injection vulnerability exists in the detail_ad.asp page, which allows an attacker to execute arbitrary SQL commands on the underlying database.
Real-time ASP Calendar Platform contains a SQL injection vulnerability that allows an attacker to execute arbitrary SQL commands on the vulnerable system. The vulnerability is in the 'dt' parameter of the 'calendar.asp' script, which is passed directly to the SQL query. An attacker can inject malicious SQL commands to manipulate the database and gain access to sensitive information.
Digital Interchange Calendar version 5.8.5 is vulnerable to SQL injection. A remote attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
A SQL injection vulnerability exists in the Eyeland Studio Inc. 'game.php' script, which allows an attacker to execute arbitrary SQL commands on the vulnerable system. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'game.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. Successful exploitation can allow an attacker to gain unauthorized access to the vulnerable system and execute arbitrary SQL commands.