Testa OTMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Limonade framework is prone to a local file-disclosure vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to obtain sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
Nagios XI is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
IBM Cognos Business Intelligence is prone to an information-disclosure vulnerability due to an error when parsing XML external entities. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
FortiAnalyzer is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions in the context of the device running the affected application. Other attacks are also possible.
Google Android is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.
Course Registration Management System is prone to multiple cross-site scripting and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary code in the context of the browser, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database; other attacks are also possible.
Openbravo ERP is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The vulnerability exists due to the application failing to properly sanitize user-supplied input. An attacker can exploit this issue by sending a specially crafted XML request containing an external entity declaration. This may allow the attacker to view arbitrary files on the affected computer.
Poppler is prone to a local format-string vulnerability because it fails to sanitize user-supplied input. An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.
JReport is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. An attacker can craft a malicious HTML page that contains a form with hidden fields and submit it to the vulnerable application. The application will then process the request as if it were submitted by a legitimate user.
Services By CQR