webERP is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Dolphin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
ManageEngine ADSelfService Plus is prone to multiple vulnerabilities, including multiple security-bypass and cross-site scripting vulnerabilities. Attackers can exploit these issues to bypass certain security restrictions and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help them steal cookie-based authentication credentials and launch other attacks.
UMI CMS is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
CiviCRM is prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
ViArt Shop is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
WebAsyst Shop-Script is prone to a cross-site-scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Multiple Check Point endpoint security products are prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to harvest sensitive information that may lead to further attacks. The vulnerable URLs include: http://www.example.com/conf/ssl/apache/integrity-smartcenter.cert, http://www.example.com/conf/ssl/apache/integrity-smartcenter.key, http://www.example.com/conf/ssl/apache/integrity.cert, http://www.example.com/conf/ssl/apache/integrity.key, http://www.example.com/conf/ssl/apache/smartcenter.cert, http://www.example.com/conf/ssl/integrity-keystore.jks, http://www.example.com/conf/ssl/isskeys.jks, http://www.example.com/conf/ssl/openssl.pem, http://www.example.com/conf/integrity.xml, http://www.example.com/conf/jaas/users.xml, http://www.example.com/bin/DBSeed.xml, http://www.example.com:8080/conf/ssl/apache/integrity-smartcenter.cert, http://www.example.com:8080/conf/ssl/apache/integrity-smartcenter.key, http://www.example.com:8080/conf/ssl/apache/integrity.cert, http://www.example.com:8080/conf/ssl/apache/integrity.key, http://www.example.com:8080/conf/ssl/apache/smartcenter.cert, http://www.example.com:8080/conf/ssl/integrity-keystore.jks, http://www.example.com:8080/conf/ssl/isskeys.jks, http://www.example.com:8080/conf/ssl/openssl.pem, http://www.example.com:8080/conf/integrity.xml, http://www.example.com:8080/conf/jaas/users.xml, http://www.example.com:8080/bin/DBSeed.xml
An attacker can exploit this issue to gain unauthorized administrative access to the affected devices. A bash script can be used to find the session ID of the device, which can then be used to gain access.
Escortservice is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Services By CQR