An attacker can execute arbitrary script code in the browser of an unsuspecting user by leveraging the cross-site scripting vulnerabilities in Oracle JD Edwards EnterpriseOne. This can lead to the theft of authentication credentials and other attacks.
This exploit allows an attacker to perform a blind SQL injection attack on Joomla Component Car Manager version 1.1. It retrieves the admin username and password from the database.
An attacker can execute arbitrary script code in the browser of a user in the context of the affected site, potentially stealing authentication credentials and launching other attacks.
The ChatLakTurk PHP Botlu Video application is prone to a cross-site scripting vulnerability. This vulnerability occurs due to insufficient sanitization of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user. This can lead to the theft of cookie-based authentication credentials and the launch of further attacks.
The WP-StarsRateBox plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Ultra Marketing Enterprises CMS and Cart is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
XOOPS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view arbitrary local files within the context of the webserver process. Successfully exploiting this issue may lead to other attacks.
CRESUS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The 'com_phocadownload' component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
This exploit allows an attacker to include remote files by manipulating the 'lib_path' parameter in the ez_sql.php file of ttCMS version 4 or earlier.