The local file-include vulnerability allows an attacker to view and execute arbitrary local files within the context of the webserver process by using directory-traversal strings. The SQL-injection vulnerability can be exploited to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The RunCMS 'partners' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Qianbo Enterprise Web Site Management System is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Agahi Advertisement CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
PhpAlbum.net is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied input. An attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable process.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
The TOTVS ERP Microsiga Protheus is prone to a denial-of-service vulnerability due to a memory-corruption issue. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed.
Winamp is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Website Baker is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Plogger is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Services By CQR