Mac's CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
This exploit allows an attacker to bypass the safe_mode restriction in PHP COM extensions on inconsistent Win32 systems. It utilizes the WScript.Shell COM object to execute a command provided through the 'cmd' parameter in the GET request. The output of the command is then saved to a file named 'suntzoi.txt' in the same directory as the script. The contents of the file are then displayed on the webpage.
Yappa (Yet Another PHP Photo Album) is prone to multiple remote command-execution vulnerabilities because it fails to properly validate user-supplied input. An attacker can exploit these issues to execute arbitrary commands within the context of the vulnerable system.
SimpNews is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The ArticleMS software is prone to a cross-site scripting vulnerability. This vulnerability occurs due to the software's failure to properly sanitize user-supplied input. An attacker can exploit this vulnerability by injecting arbitrary script code into the affected site, potentially leading to the theft of authentication credentials and other attacks.
osCSS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Real Estate Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This exploit allows an attacker to crash MP3 Cutter application, denying service to legitimate users.
PHPFABER CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The Flat Chat Portal version 2.0 is vulnerable to remote code execution. An attacker can exploit this vulnerability by inserting a malicious script in the chat name parameter. By executing commands through the 'cmd' parameter in the users.php page, the attacker can execute arbitrary code on the system.