The 'index.php' script of Relative Real Estate Systems fails to properly sanitize user-supplied input before using it in an SQL query. This allows remote attackers to pass malicious input to database queries, potentially leading to modification of query logic or other attacks.
Hobosworld HobSR is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The Search application is prone to a cross-site scripting vulnerability. The issue is due to a failure to properly sanitize user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user within the context of the affected site. This can lead to the theft of cookie-based authentication credentials and other attacks.
Landshop is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
eCommerce Enterprise Edition is prone to multiple SQL injection vulnerabilities. These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
The Easy Search System is vulnerable to a cross-site scripting (XSS) attack. An attacker can inject arbitrary script code into the browser of a user visiting the affected website, potentially leading to the theft of authentication credentials and other malicious activities.
The Widget Press Widget Property application is prone to an SQL injection vulnerability. The issue occurs when user-supplied input is not properly sanitized before being used in an SQL query. Remote attackers can exploit this vulnerability to pass malicious input to database queries, which could result in the modification of query logic or other attacks.
phpYellowTM is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
This module exploits a buffer overflow vulnerability found in ERS Viewer 2013. The vulnerability exists in the module ermapper_u.dll, where the function rf_report_error handles user-provided data in an insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted .ers file. This module has been tested successfully with ERS Viewer 2013 (version 13.0.0.1151) on Windows XP SP3 and Windows 7 SP1.