The Kontakt Formular is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
CustomCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This exploit allows remote attackers to execute arbitrary code on the target system through a vulnerability in the AllMyLinks 0.5.0 application. By sending a specially crafted request to the 'index.php' page with the 'AML_opensite' parameter set to a malicious script, an attacker can execute arbitrary code on the target system. This vulnerability was published on 2007-01-07 on milw0rm.com.
Makale Scripti is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
PHCDownload is prone to SQL-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Attackers may also exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CoolPlayer is prone to a buffer-overflow vulnerability due to inadequate boundary checks on user-supplied data. The vulnerability occurs when handling specially crafted OGG files. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code within the application's context. Failed exploit attempts may result in denial-of-service conditions.
This is proof-of-concept code for exploiting an SQL injection vulnerability in WordPress 2.0.5. The vulnerability allows an attacker to execute arbitrary SQL queries by injecting malicious code through a trackback request. The exploit specifically targets the use of UTF-7 encoding in the trackback parameter, which can be used to bypass input sanitization and inject SQL commands. The code retrieves the cookie hash from the target WordPress blog and prints it to the console.
OpenBiblio is prone to multiple input-validation vulnerabilities including SQL-injection, cross-site scripting, HTML-injection, and local file-include vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database.
FaqMasterFlexPlus is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The FaqMasterFlexPlus application is prone to a cross-site scripting vulnerability due to inadequate input sanitization. An attacker can exploit this vulnerability by injecting arbitrary script code into the affected site, potentially leading to the execution of malicious scripts in the browser of unsuspecting users. This could result in the theft of authentication credentials and the initiation of further attacks.