Eventum is prone to an insecure file-permission vulnerability. An attacker can exploit this issue to reinstall the vulnerable application. This may aid in further attacks.
Maian Uploader is prone to multiple security vulnerabilities, including an SQL-injection vulnerability, multiple cross-site scripting vulnerabilities, and a full path disclosure vulnerability. Attackers can exploit these issues to access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, and steal cookie-based authentication credentials. Maian Uploader 4.0 is vulnerable; other versions may also be affected.
The WP e-Commerce plugin for WordPress is prone to multiple security vulnerabilities, including multiple remote code-execution vulnerabilities, a local file-include vulnerability, and an arbitrary file-upload vulnerability. An attacker can exploit these issues to execute arbitrary code, include arbitrary local files, and upload arbitrary files to the affected computer; this may result in arbitrary code execution within the context of the vulnerable application.
ZenPhoto is prone to an SQL-injection vulnerability and multiple path-disclosure vulnerabilities. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The attacker may gain access to potentially sensitive information that can aid in other attacks.
GoToMeeting for Android is prone to multiple local information-disclosure vulnerabilities. Local attackers can exploit these issues to obtain sensitive information, which may aid in further attacks.
XOS Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Global Flash Gallery plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because it fails to properly validate file extensions before uploading them. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
Imageview is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
Dell Kace 1000 Systems Management Appliance is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Sexy polling extension for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The vulnerability can be exploited by sending a specially crafted POST request to the vulnerable page.