The Plesk Server Administrator (PSA) is prone to a local file-include vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
The crash occurs due to an out of bounds read. We overwrite 4 bytes in an FG44 chunk header with xffxffxffxff. The crash occurs during image parsing.
This PHP script demonstrates a proof of concept for the php_binary session deserialization vulnerability. By manipulating the session data, an attacker can leak sensitive information from the server.
Arab Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Help and Support Center is vulnerable to cross-site scripting attacks due to inadequate input sanitization. An attacker can exploit this vulnerability to execute arbitrary script code in the browser's privileged zone of an unsuspecting user.
Bits Video Script is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Due to inproper input validation, the CGI application 'rrdbrowse' (versions <=1.6) is vulnerable to an arbitrary file disclosure vulnerability. It allows an unauthenticated remote attacker to read any file on the remote system if the user the webserver is running as has permissions to do so. Thus an attacker is able to gain access potentially sensitive information. The vulnerability is trivial to exploit and only requires specifying an URL with a relative file path on the remote system.
Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Hitmaaan Gallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Services By CQR