AlstraSoft Video Share Enterprise is affected by multiple input-validation vulnerabilities. These issues include multiple cross-site scripting vulnerabilities and multiple SQL-injection vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, access or modify data, or exploit latent vulnerabilities in the underlying database.
The vulnerability exists in the 'show' parameter of the 'index.php' file. An attacker can exploit this by injecting SQL queries in the 'id' parameter, potentially allowing unauthorized access to the database.
Attacker can easily change Wireless password, Reboot Router, Reset Router, Change Router's Admin Password by simply making the user visit a CSRF link.
This exploit allows an attacker to inject malicious JavaScript code into the title field of a wallpaper on the Wallpaper Script platform. When a regular member views the wallpaper, the injected code will be executed, leading to a Cross-Site Scripting (XSS) attack.
This vulnerability allows an attacker to bypass the remote login of ASPTicker 1.0 by injecting SQL queries. By exploiting this vulnerability, an attacker can gain unauthorized access to the system.
The VUPlayer 2.49 (.M3U) exploit allows for a universal buffer overflow/DEP bypass. It is triggered by opening a specially crafted .M3U file. The vulnerability allows an attacker to execute arbitrary code on the targeted system.
PHMe is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
Image Racer is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Asp cvmatik is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
The Alisveris Sitesi Scripti application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially stealing authentication credentials and launching further attacks.
Services By CQR