Phpjobscheduler 3.0 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.
Property Pro v1.0 is vulnerable to a remote login bypass SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains malicious SQL statements that are executed in the backend database, allowing the attacker to bypass authentication and gain access to the application.
A vulnerability exists in Estate Agent Manager v1.3 (default.asp) which allows an attacker to bypass authentication and gain access to the application. By sending a specially crafted HTTP request, an attacker can inject a malicious SQL query into the vulnerable application. This can be used to bypass authentication and gain access to the application.
This exploit allows an attacker to change the user password of a vulnerable version of Online Event Registration. The vulnerability exists due to the lack of authentication when changing the user password. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable application. This will allow the attacker to change the user password without any authentication.
Quick.Cart is vulnerable to remote code execution due to the use of register_globals=On. The vulnerability exists in the index.php file on line 33, where the $sLang variable is not properly sanitized before being used in a require_once() statement. This allows an attacker to inject arbitrary code into the application, which will be executed with the privileges of the web server.
CommuniMail is prone to multiple cross-site scripting vulnerabilities due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
A local file inclusion vulnerability exists in ContentNow 1.30 due to insufficient sanitization of user-supplied input to the 'lang' parameter in the 'index.php' script. An attacker can exploit this vulnerability to include arbitrary files from the web server, such as the '/etc/passwd' file, by sending a specially crafted HTTP request.
The xine package is reported prone to a remote format-string vulnerability. This issue arises when the application handles specially crafted playlist files. An attacker can exploit this vulnerability by crafting a malicious file that contains format specifiers and then sending the file to an unsuspecting user. A successful attack may crash the application or lead to arbitrary code execution.
This exploit allows an attacker to execute arbitrary code on the vulnerable server by including a remote file through a vulnerable parameter in the user_standard.php file of CMSmelborp. The attacker can use this vulnerability to upload a malicious file and execute it on the server.
UPublisher 1.0 is vulnerable to a remote SQL injection attack. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow an attacker to gain access to the database and potentially gain access to sensitive information.
Services By CQR