Alt-N WebAdmin is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process; this may aid in further attacks.
The phpRS application is vulnerable to SQL injection due to the lack of proper input sanitization. An attacker can exploit this vulnerability by injecting malicious SQL code into user-supplied input, potentially compromising the application, accessing or modifying data, or exploiting vulnerabilities in the underlying database.
BLOG:CMS is prone to a cross-site-scripting vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.BLOG:CMS 4.2.1.e is vulnerable; prior versions may also be affected.
The file "file_to_index.php" is accessible without any authentication to upload a file. This exploit code is a POC for Maarch Letterbox <= 2.4 and Maarch GEC/GED <= 1.4
slickMsg is prone to a cross-site scripting vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
The BlogCFC application is prone to multiple cross-site scripting vulnerabilities due to improper input sanitization. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other attacks.
This exploit allows an attacker to perform a blind SQL injection attack on the ScriptMagix Photo Rating <= 2.0 (viewcomments.php) script. By exploiting this vulnerability, an attacker can retrieve the username and password of the admin user.
The PHP TopSites application is vulnerable to a cross-site scripting (XSS) and SQL injection vulnerability. The application does not properly sanitize user-supplied data, allowing an attacker to execute arbitrary script code in the context of the affected site. This can lead to various attacks such as stealing authentication credentials, compromising the application, accessing or modifying data, and exploiting vulnerabilities in the underlying database.
Mura CMS is prone to multiple cross-site-scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials; other attacks are also possible.
Cetera eCommerce is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Services By CQR