WebAsyst Shop-Script is prone to a cross-site-scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Multiple Check Point endpoint security products are prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to harvest sensitive information that may lead to further attacks. The vulnerable URLs include: http://www.example.com/conf/ssl/apache/integrity-smartcenter.cert, http://www.example.com/conf/ssl/apache/integrity-smartcenter.key, http://www.example.com/conf/ssl/apache/integrity.cert, http://www.example.com/conf/ssl/apache/integrity.key, http://www.example.com/conf/ssl/apache/smartcenter.cert, http://www.example.com/conf/ssl/integrity-keystore.jks, http://www.example.com/conf/ssl/isskeys.jks, http://www.example.com/conf/ssl/openssl.pem, http://www.example.com/conf/integrity.xml, http://www.example.com/conf/jaas/users.xml, http://www.example.com/bin/DBSeed.xml, http://www.example.com:8080/conf/ssl/apache/integrity-smartcenter.cert, http://www.example.com:8080/conf/ssl/apache/integrity-smartcenter.key, http://www.example.com:8080/conf/ssl/apache/integrity.cert, http://www.example.com:8080/conf/ssl/apache/integrity.key, http://www.example.com:8080/conf/ssl/apache/smartcenter.cert, http://www.example.com:8080/conf/ssl/integrity-keystore.jks, http://www.example.com:8080/conf/ssl/isskeys.jks, http://www.example.com:8080/conf/ssl/openssl.pem, http://www.example.com:8080/conf/integrity.xml, http://www.example.com:8080/conf/jaas/users.xml, http://www.example.com:8080/bin/DBSeed.xml
An attacker can exploit this issue to gain unauthorized administrative access to the affected devices. A bash script can be used to find the session ID of the device, which can then be used to gain access.
Escortservice is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Wireshark is prone to a memory-corruption vulnerability because it fails to properly handle certain files. Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application.
Firebook is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials.
Octeth Oempro is prone to multiple SQL-injection vulnerabilities and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Octeth Oempro 3.6.4 is vulnerable; other versions may also be affected.
Web Wiz Forums is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Betsy is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
All In One Control Panel (AIOCP) is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Services By CQR