The phpCoupon application fails to properly secure PayPal payment transactions, allowing remote attackers to perform payment transactions without actually paying money and obtain services for free. An example URI demonstrating this issue is: http://www.example.com/path/user.php?REQ=auth&billing=141&status=success&custom=upgrade5
The Real Estate Listing Website Application Template is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. To demonstrate this issue, use a valid username, such as 'admin', in the Username field, and the following string for the password field of the vulnerable script: anything' OR 'x'='x
The Pay Roll - Time Sheet and Punch Card Application With Web Interface is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. To demonstrate this issue, use a valid username, such as 'admin', in the Username field, and the following string for the password field of the vulnerable script: anything' OR 'x'='x
The Online Store Application Template is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. To demonstrate this issue, use a valid username, such as 'admin', in the Username field, and the following string for the password field of the vulnerable script: anything' OR 'x'='x
The Berthanas Ziyaretci Defteri web application is vulnerable to SQL Injection attacks. This vulnerability occurs because user-supplied data is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability to compromise the application, access or modify data, or exploit other latent vulnerabilities in the underlying database.
Metyus Forum Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The DdnsHostName parameter is vulnerable to persistent cross-site scripting. Client-side input validation is in place, but it can easily be bypassed.
This exploit allows remote attackers to execute arbitrary code via a crafted .avi file in GOM Player. The vulnerability occurs when the player fails to properly handle certain inputs, leading to memory corruption.
The exploit allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .avi file processed by PotPlayer.