StatIt contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to visible_count_inc.php not properly sanitizing user input supplied to the 'statitpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
i-NAV contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered due to an input validation error within the "InstallProduct" routine of the "VUpdater.Install" ActiveX control. It is possible that the flaw may allow code execution of arbitrary files within ".CAB" archives resulting in a loss of integrity.
VP-ASP Shopping Cart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the shopcurrency.asp script not properly sanitizing user-supplied input to the 'cid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
Online Universal Payment System contains a flaw that allows a remote attacker to disclose the content of arbitrary files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'read' variable.
Online Universal Payment System contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'read' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
MaxxSchedule contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Error' variable upon submission to the Logon.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
MaxxSchedule contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Logon.asp script not properly sanitizing user-supplied input to the 'txtLogon' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
evoTopsites contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the "cat_id" and "id" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.
HB-NS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the "topic" and "id" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.
HB-NS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "poster_name", "poster_email", "poster_homepage", and "message" variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
RealVNC Remote Authentication Bypass Vulnerability
Jax Guestbook Page Parameter Cross-Site Scripting Vulnerability
Foing Multiple Remote File Include Vulnerabilities
PHP Live Helper Chat.PHP Cross-Site Scripting Vulnerability
Re: [Full-disclosure] POC exploit for freeSSHd version 1.0.9
YapBB <= 1.2 Beta2 'find.php' SQL Injection Vulnerability
RE: Is MS06-018 a DoS or a system compromise ?
DeluxeBB 1.06 Remote SQL Injection Exploit