Alisveristr E-commerce is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. The following example is available: Username : ' or ''=' Password : ' or ''='
The vulnerability allows attackers to inject arbitrary script code into the affected site, potentially leading to the execution of malicious actions in the browser of unsuspecting users. This can result in the theft of authentication credentials and other attacks.
The Solupress News application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a targeted user, potentially leading to the theft of authentication credentials and other attacks.
Adobe Reader X fails to validate input when parsing an embedded RLE-encoded BMP image. Arbitrary code execution in the context of the sandboxed process has been shown to be possible after a malicious embedded BMP image triggers a heap overflow.
ASPS Shopping Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
The Java Search Engine is vulnerable to a cross-site scripting attack. This vulnerability occurs due to the lack of proper input sanitization by the application. An attacker can exploit this vulnerability by injecting arbitrary script code through user-supplied input. When a victim user visits a specially crafted URL, the injected script code will execute in their browser within the context of the affected site. This can lead to various malicious activities, including the theft of authentication credentials stored in cookies.
NetClassifieds is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
PHPX is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Multiple cross-site scripting vulnerabilities in phpMyChat allow remote attackers to inject arbitrary web script or HTML via the (1) medium parameter to style.css.php or the (2) FontName parameter.
Trac is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.