source: http://www.securityfocus.com/bid/49207/info

Code Widgets Online Job Application is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following example input is available:

Username : ' or 1=1 or ''=''

Password: ' or 1=1 or ''=''

source: http://www.securityfocus.com/bid/49208/info

Code Widgets DataBound Index Style Menu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/CS0106/category.asp?cat=[sqli]

source: http://www.securityfocus.com/bid/49209/info

Code Widgets DataBound Collapsible Menu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/CS0077/main.asp?key=[sqli]

source: http://www.securityfocus.com/bid/49210/info

Code Widgets Multiple Question - Multiple Choice Online Questionaire is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/CS0099/index.asp?Q=2&A=[sqli]

source: http://www.securityfocus.com/bid/49468/info

Kisanji is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

http://www.example.com/default.aspx?gr=[xss]

source: http://www.securityfocus.com/bid/49614/info

Orion Network Performance Monitor is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Orion Network Performance Monitor 10.1.3 is affected; other versions may also be vulnerable.

http://www.example.com/Orion/NetPerfMon/CustomChart.aspx?ChartName=AvgRTLoss&NetObject=N:355&ResourceID=17&NetObjectPrefix=N&Rows=&Title=%3Cscript%3Ealert%28%27ALERTA%27%29%3C/script%3E

source: http://www.securityfocus.com/bid/49620/info

Microsoft SharePoint is prone to multiple URI open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.

Successful exploits may redirect a user to a potentially malicious site; this may aid in phishing attacks.

The following products are affected;

Microsoft SharePoint 2007

Microsoft SharePoint 2010

http://www.example.com/Docs/Lists/Announcements/NewForm.aspx?Source=[xss]

source: http://www.securityfocus.com/bid/49667/info

ASP Basit Haber Script is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

ASP Basit Haber Script 1.0 is vulnerable; other versions may also be affected.

http://www.example.com/haber.asp?id=28+union+select+0,kullaniciadi,sifre,3,4,5+from+admin

source: http://www.securityfocus.com/bid/49668/info

Multiple Ay Computer products are prone to multiple SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/v1/urundetay.asp?id=21%28%29

http://www.example.com/v1/default.asp?getir=urunler&id=39%28%29

http://www.example.com/v1/linkler.asp?id=2%28%29

http://www.example.com/detay.asp?ilanid=8%28%29 [SQL]

http://www.example.com/kategoriler.asp?id=4%28%29 [SQL]

http://www.example.com/link.asp?page=referanslarimiz&id=2%28%29 [SQL]

http://www.example.com/?catid=23+union+select+0,1,2,3,4,5+from+admin