Explore Vulnerabilities

Explore all Exploits:

Trade Manager Script SQL injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. The attacker can inject malicious SQL queries in the vulnerable parameter 'cid' of the 'products.php' script. This can allow the attacker to access sensitive information from the database such as usernames and passwords.

X-Cart Pro v4.0.13 SQL Injection Proof of Concept

X-Cart Pro v4.0.13 is vulnerable to a SQL injection attack. An attacker can send a specially crafted HTTP POST request to the vulnerable application in order to inject malicious SQL code into the application's database. This can be used to gain unauthorized access to the application's data or to execute arbitrary code on the server.

Cisco Collaboration Server 5 XSS, Source Code Disclosure

Cisco Collaboration Server 5 is vulnerable to Cross-Site Scripting (XSS) and Source Code Disclosure. An attacker can inject malicious JavaScript code into the vulnerable parameter of the LoginPage.jhtml file. Additionally, the source code of .jhtml files can be revealed to the end user by requesting any of the following: Normal File, Modified 1, Modified 2, Modified 3, and Modified 4.

Books/eBooks Rental Software SQL injection Vulnerability

A SQL injection vulnerability exists in Books/eBooks Rental Software, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'cat_id' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information stored in the database, such as usernames and passwords.

CD Rentals Script SQL injection Vulnerability

CD Rentals Script is vulnerable to SQL injection. An attacker can exploit this vulnerability by appending malicious SQL queries to the vulnerable parameter 'cat_id' in the URL. This can allow an attacker to gain access to the database and extract sensitive information such as usernames and passwords.

Radasm (.rap) Universal buffer overflow Exploit

Radasm contains a buffer overflow in its handling of .rap files that allows an attacker to execute arbitrary code. The vulnerability is caused by a boundary error when handling .rap files. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted .rap file to the affected application. Successful exploitation may allow execution of arbitrary code.

CaptchaSecurityImages.php Denial Of Service

The CaptchaSecurityImages.php script is vulnerable to a Denial of Service attack. An attacker can send a crafted request with large values for the width, height and characters parameters, which will cause the script to crash. To fix the vulnerability, the script should be modified to use constant values for the width, height and characters parameters.

Recent Exploits: