Explore Vulnerabilities

Explore all Exploits:

Oracle Supply Chain Products Suite Remote Vulnerability

Oracle Supply Chain Products Suite is prone to a remote vulnerability in Oracle Demantra Demand Management. Attackers can exploit this issue to obtain sensitive information by sending a POST request to the GraphServlet with the filename parameter set to the path of the web.xml file.

Arbitrary File Upload Vulnerability in Almond Classifieds Component for Joomla

The Almond Classifieds Component for Joomla is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

Atmail Webmail Server HTML-injection Vulnerability

Atmail Webmail Server is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

EZGenerator Local File Disclosure and CSRF Vulnerabilities

EZGenerator is prone to a local file-disclosure vulnerability and a cross-site request-forgery vulnerability. An attacker may leverage these issues to perform unauthorized actions in the context of a logged-in user, or obtain sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.

Built2Go PHP Shopping Cross-Site Request Forgery Vulnerability

Built2Go PHP Shopping is prone to a cross-site request-forgery vulnerability. Exploiting the issue will allow a remote attacker to use a victim's currently active session to change the victim's password. Successful exploits will compromise affected computers.

UAEPD Shopping Cart Script SQL Injection Vulnerabilities

UAEPD Shopping Cart Script is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Dredge School Administration System Vulnerabilities

An attacker can exploit these vulnerabilities to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, obtain sensitive information, or bypass certain security restrictions to perform unauthorized actions.

Dredge School Administration System Multiple Vulnerabilities

Dredge School Administration System is prone to multiple security vulnerabilities, including SQL injection, cross-site request forgery, cross-site scripting, information disclosure, and security bypass. Exploiting these issues could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, obtain sensitive information, or bypass certain security restrictions to perform unauthorized actions.

Command School Student Management System Multiple Vulnerabilities

Exploiting these issues could allow an attacker to run malicious HTML and script code, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.

Aclsfgpl component for Joomla! Arbitrary File Upload Vulnerability

The Aclsfgpl component for Joomla! is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

Recent Exploits: