The vulnerability exists due to insufficient filtering of user-supplied input passed via the 'm' parameter to the '/index.php' script. A remote attacker can execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website, or execute arbitrary SQL commands in the application's database.
A denial of service vulnerability exists in Microsoft Internet Explorer when processing a VML (Vector Markup Language) element with a malformed fill method. This can be exploited to crash Internet Explorer by tricking a user into visiting a malicious web page.
Bcwb 0.99 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary code on the server.
The vulnerability exists due to insufficient sanitization of user-supplied input passed to the '_PHPLIB[libdir]' parameter in the 'prepend.php' script. This can be exploited to execute arbitrary PHP code by including a remote file via the HTTP or FTP protocol.
MyReview 1.9.4 is vulnerable to SQL Injection due to the lack of input validation in the GetMember function in functions.php. An attacker can exploit this vulnerability to inject malicious SQL code into the application, allowing them to gain access to the database and potentially execute arbitrary code on the server. The vulnerability can be patched by adding '$email=addslashes(trim($email));' before the query; using something else is advisable, as the script is very buggy.
Simple Discussion Board (sdb) is prone to a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
A SQL injection vulnerability exists in Tekman Portal v1.0 (tr) due to improper sanitization of user-supplied input to the 'uye_id' parameter in 'uye_profil.asp'. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the context of the application, allowing for the retrieval of sensitive data from the database, such as usernames and passwords.
More.Groupware 0.7.4 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the system and extract sensitive information such as passwords. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'user_edit' page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL code in the 'id' parameter. This will allow the attacker to execute arbitrary SQL commands on the underlying database.
Pie Cart Pro is vulnerable to a remote file inclusion vulnerability due to a lack of sanitization of user-supplied input to the 'Home_Path' parameter in the 'enc/content.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable server by supplying a malicious URL in the 'Home_Path' parameter.
Exponent CMS 0.96.3 stable (possibly other versions) is vulnerable to arbitrary local inclusion / remote command execution. This vulnerability is due to the magic_quotes_gpc disable code in pathos_bootstrap.php, which will try to include some session files. An attacker can exploit this vulnerability to execute arbitrary commands on the vulnerable system.