Explore Vulnerabilities

Explore all Exploits:

PHP Advanced Transfer Manager Cross-Site Scripting Vulnerabilities

PHP Advanced Transfer Manager is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

PHP Advanced Transfer Manager Directory Traversal Vulnerabilities

PHP Advanced Transfer Manager is prone to multiple directory traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Exploitation of any of these vulnerabilities could lead to a loss of confidentiality. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.

Hesk Authentication Bypass Vulnerability

Hesk is prone to an authentication bypass vulnerability. Successful exploitation will grant an attacker administrative access to the application. This can lead to unauthorized access of sensitive data, modification of helpdesk data and program code, and other types of attacks. An attacker can exploit this issue by sending a specially crafted HTTP POST request with a randomly chosen Session ID, followed by a GET request to the administrative control panel.

MX Shop Multiple SQL Injection Vulnerabilities

MX Shop is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

NooToplist Multiple SQL Injection Vulnerabilities

NooToplist is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Multiple SQL Injection Vulnerabilities in vBulletin

vBulletin is prone to multiple SQL injection vulnerabilities due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. This can allow an attacker to inject malicious SQL code into the application, which can be used to manipulate the database, disclose sensitive information, or even execute arbitrary code on the server.

vBulletin Multiple SQL Injection Vulnerabilities

vBulletin is prone to multiple SQL injection vulnerabilities due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. An attacker can exploit these issues to compromise the application, disclose or modify data, or exploit vulnerabilities in the underlying database implementation.

EPay Pro Directory Traversal Vulnerability

EPay Pro is prone to a directory traversal vulnerability due to a lack of proper validation of user-supplied input. An unauthorized user can retrieve arbitrary files by supplying directory traversal strings '../' to the vulnerable parameter. Exploitation of this vulnerability could lead to a loss of confidentiality and may aid in further attacks against the underlying system.

Content2Web Multiple Input Validation Vulnerabilities

Content2Web is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this lack of sanitization to perform SQL injection attacks, cross-site scripting attacks and include local PHP files. It may also be possible to include remote PHP files; this has not been confirmed. The consequences of these attacks include a compromise of the system, the execution of arbitrary code and the theft of cookie-based authentication credentials, all in the context of the Web server process.

Recent Exploits: