CAArticles 2.0 is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to view sensitive files in the context of the webserver process.
CAFreeWallpaper is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to access sensitive files outside of the intended directory.
CAFFAPage is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to access sensitive files outside of the web root directory. This may aid in further attacks.
An attacker can access the CADirectory.mdb file, which contains sensitive information such as usernames and passwords.
Amaya Web Browser is prone to a buffer overflow vulnerability when processing HTML tags with overly long attributes. This issue is due to a failure in the application to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in denial-of-service conditions.
Forest Blog v1.3.2 is prone to a remote database disclosure vulnerability. An attacker can exploit it by sending a specially crafted HTTP request to the vulnerable application. This will allow the attacker to view the contents of the database, potentially leading to the disclosure of sensitive information.
IsWeb CMS v 3.0 is vulnerable to blind SQL injection and XSS. An attacker can inject malicious SQL queries in the vulnerable parameter 'id_sezione' and execute arbitrary SQL commands in the database. An attacker can also inject malicious JavaScript code in the vulnerable parameters 'azione' and 'id_doc' and execute arbitrary JavaScript code in the victim's browser.
The RealtyListing V1/V2 application is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can allow the attacker to gain access to sensitive information stored in the database, such as usernames and passwords.
The Automotive Dealer V1/V2 application is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
A SQL injection vulnerability exists in Home Builder V1.0 / V2.0. An attacker can send a specially crafted HTTP request to the vulnerable application and execute arbitrary SQL commands in the back-end database, allowing them to access or modify critical application data, compromise the application, and potentially compromise the underlying system.