Explore all Exploits:

Citadel WebCit Multiple Input-Validation Vulnerabilities

Citadel WebCit is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Piwigo 2.5.3 CMS: Multiple Vulnerabilities

The Piwigo CMS version 2.5.3 is vulnerable to stored XSS on multiple parameters and to CSRF. In the first vulnerability, an attacker can inject a malicious payload in the album name and execute arbitrary code. The payload can also be executed when managing albums. In the second vulnerability, an attacker can exploit the 'add a user' functionality using CSRF.

Multiple Remote File Include Vulnerabilities in AzDG Dating Gold

The AzDG Dating Gold application fails to properly sanitize user-supplied input, leading to multiple remote file inclusion vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary remote files containing malicious script code in the context of the webserver process. This can result in the compromise of the application and the underlying system.

AzDG Dating Gold Multiple Remote File Include Vulnerabilities

The AzDG Dating Gold application fails to properly sanitize user-supplied input, which leads to multiple remote file-include vulnerabilities. An attacker can exploit these vulnerabilities by injecting malicious script code through the 'int_path' parameter in the 'footer.php' script. This allows the attacker to execute arbitrary remote files and potentially compromise the application and the underlying system.

MzK Blog SQL Injection Vulnerability

MzK Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Priv8security.com InterBase Server Remote Exploit

This is a remote exploit for Borland InterBase 7.1 SP 2 and lower versions. It allows an attacker to execute arbitrary code on the target system. The exploit was discovered by Aviram Jenik and published on securiteam.com. The exploit works by sending specially crafted buffers to the InterBase server, causing a buffer overflow and allowing the attacker to gain root access. The exploit has been tested on Linux InterBase 7.1 SP 2.

activeWeb contentserver Client-side Input-Validation Vulnerability

activeWeb contentserver is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit this input-validation vulnerability to perform various attacks (e.g., cross-site scripting or SQL injection).

activeWeb contentserver Multiple Cross-Site Scripting Vulnerabilities

activeWeb contentserver is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Cross-Site Scripting Vulnerabilities in activeWeb contentserver

activeWeb contentserver is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
