The PHP Labs Survey Wizard is vulnerable to an SQL injection attack. This vulnerability occurs due to the application's failure to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by injecting malicious SQL code into the 'sid' parameter of the 'survey.php' URL. Successful exploitation of this vulnerability could lead to various consequences, including compromise of the application, disclosure or modification of data, and the ability to exploit other vulnerabilities in the database implementation.
OmnistarLive is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Tunez is prone to multiple input validation vulnerabilities. The application is affected by an SQL injection vulnerability and a cross-site scripting issue. Successful exploitation of the SQL injection issue could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. The cross-site scripting issue may facilitate the theft of cookie-based authentication credentials as well as other attacks.
AFFCommerce Shopping Cart is prone to multiple SQL injection vulnerabilities. These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
The 1-2-3 Music Store is vulnerable to an SQL injection attack. This vulnerability occurs due to the application's failure to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by manipulating the 'AlbumID' parameter in the 'process.php' file. Successful exploitation of this vulnerability could lead to a compromise of the application, disclosure or modification of data, or enable the attacker to exploit vulnerabilities in the underlying database implementation.
PmWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The vulnerability arises when error messages are rendered and could let an attacker inject hostile HTML and script code into the browser session of another user in the context of the site hosting the application. This could allow for theft of cookie-based authentication credentials or other attacks.
An invalid pointer dereference vulnerability has been identified in WinAmp v5.63. The application loads the contents of the %APPDATA%\WinAmp\links.xml file on startup and while browsing through the bookmarks in the Browser view of the GUI, but does not properly validate the length of the string loaded from the "<link name>" and "<home url>" keys before using them in a pointer call in the library gen_ff.dll, which leads to an invalid pointer dereference condition with possible code execution. An attacker needs to force the victim to place an arbitrary links.xml file into the target directory in order to exploit the vulnerability. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploits will result in a denial-of-service condition.
The Machform form maker has multiple vulnerabilities, including arbitrary file upload, MySQL injection (error based), and XSS. The arbitrary file upload vulnerability allows an attacker to upload files to the server. The MySQL injection vulnerability allows an attacker to execute malicious SQL queries. The XSS vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. These vulnerabilities can be exploited by an attacker to gain unauthorized access to the system, steal sensitive information, or perform other malicious activities.
OTRS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to multiple SQL-injection vulnerabilities, an HTML-injection vulnerability, and multiple cross-site scripting vulnerabilities.