Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilities. These issues are all related to input validation errors. The cross-site scripting and HTML injection vulnerabilities may allow for theft of cookie-based authentication credentials or other attacks. The SQL injection vulnerabilities may permit a remote attacker to compromise the software or launch other attacks against the database.
An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged information. Information obtained may aid in further attacks against the vulnerable application or the underlying system.
Easypx41 is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
@Mail is prone to multiple cross-site scripting vulnerabilities due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
MDaemon server is prone to a directory traversal vulnerability due to improper sanitization of user input. Failure to sanitize the filename and path may result in compromise of the file system outside of the application's quarantine directory. The following email attachment filename example was provided: '../../../../../file.exe'
PHPList is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied data before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Clever Copy is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation checks before granting access to private message functions. An attacker can exploit this vulnerability to delete or view arbitrary private messages of a valid user.
BMForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Clever Copy is prone to multiple cross-site scripting vulnerabilities due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.