PayProCart may allow a remote attacker to carry out directory traversal attacks. It is reported that this issue can be exploited by issuing a specially crafted HTTP GET request and supplying directory traversal sequences followed by a target file name through an affected parameter. Reportedly, the attacker can gain access to file owned by the administrator and gain administrative access to the application by accessing the administrative panel. The attacker is able to gain access to the administrative panel without providing authentication credentials.
LOG-FT is reported prone to an arbitrary file disclosure vulnerability. This issue results from an access validation error and can allow a remote attacker to disclose sensitive data. It is reported that an attacker can simply issue a specially crafted HTTP GET request to disclose sensitive files in the context of the affected Web server. Information disclosed through this attack may expose sensitive data that may be used to carry out further attacks against a computer.
An authenticated attacker may leverage this issue to disclose user names and account information of users in their group. This may facilitate further attacks against the affected server.
Due to an error in the way 'replace()' handles lambda expressions, a remote attacker can access arbitrary heap memory from a vulnerable client. Information harvested in this manner could then aid in further attacks launched against the vulnerable computer (such as memory-corruption exploits).
nwprint that is distributed with SCO OpenServer is prone to a local buffer overflow vulnerability. This issue arises because the application fails to perform boundary checks prior to copying user-supplied data into sensitive process buffers. A local attacker can gain elevated privileges (lp user) by exploiting this issue.
SiteEnable is reported prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks, potentially leading to a compromise of the affected device.
A buffer overflow is present in Jedi Academy that can be exploited remotely by client systems. The overflow is due to the use of the sprintf() function in a text visualization procedure, G_Printf(). The attacker can exploit this vulnerability to execute arbitrary code on the server.
EPay Pro is reported to be affected by various cross-site scripting vulnerabilities. These problems present themselves when malicious HTML and script code is sent to the application through multiple parameters. This issue may allow for theft of cookie-based authentication credentials or other attacks.
EPay Pro is reported prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'view' parameter. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer.
Services By CQR