The PHP File Uploader application fails to adequately limit the types of files that are uploaded. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process, leading to unauthorized access, privilege escalation, or other attacks.
The NPDS Revolution application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially allowing them to steal authentication credentials and launch other attacks.
The NPDS Revolution web application is prone to an SQL-injection vulnerability due to insufficient sanitization of user-supplied data before using it in an SQL query. This vulnerability can be exploited by an attacker to compromise the application, gain unauthorized access or modify data, and potentially exploit other latent vulnerabilities in the underlying database.
The GameCore software is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to cause a denial-of-service condition.
The Mani Admin Plugin Stats Reader V1.2 is vulnerable to a remote file inclusion vulnerability. An attacker can exploit this vulnerability by manipulating the 'ipath' parameter in the 'index.php' file to include malicious files from a remote server.
C99Shell is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
TomatoCMS is prone to a SQL-injection vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database or to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
The Torque Game Engine is prone to multiple denial-of-service vulnerabilities. An attacker with valid login credentials can exploit these issues to cause the application using the engine to crash, resulting in a denial-of-service condition. Other attacks may also be possible.
The Saurus CMS application fails to sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of a user on the affected site, potentially stealing authentication credentials and launching other attacks.
The Affiliate Store Builder application is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Services By CQR