Veno File Manager is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files within the context of the web server process. Information obtained may aid in further attacks.
B2B Vertical Marketplace Creator is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
EtoShop C2C Forward Auction Creator is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
osCMax is prone to an arbitrary file-upload vulnerability and an information-disclosure vulnerability. Attackers can exploit these issues to obtain sensitive information and upload arbitrary files. This may aid in other attacks. osCMax 2.5.3 is vulnerable; other versions may also be affected.
BoastMachine is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker can send a specially crafted POST request to the vulnerable application, containing an SQL query in the 'blog' parameter, which will be executed in the context of the application.
eduTrac is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information. Information harvested may aid in launching further attacks.
The PhotoSmash Galleries plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because it fails to properly validate file extensions before uploading them. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
WordPress Easy Career Openings plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
NeoBill is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to execute arbitrary commands, to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks. The exploit code provided in the description can be used to exploit the vulnerability.
Enorth Webpublisher is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Services By CQR