An attacker can execute arbitrary server-side script code and gain unauthorized access by exploiting these vulnerabilities in GuppY. The attacker can also disclose arbitrary files on the affected computer using directory traversal sequences and NULL characters.
GuppY is affected by multiple local file include and information disclosure vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access. It should be noted that these issues may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server. An attacker can employ directory traversal sequences and NULL characters to disclose arbitrary files.
The Helpdesk Issue Manager is prone to multiple SQL injection vulnerabilities. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Helpdesk Issue Manager is prone to multiple SQL injection vulnerabilities. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
PHP Web Statistik is prone to multiple content injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The vulnerabilities could allow for HTML injection and cross-site scripting attacks. An attacker may leverage these issues to have arbitrary script and HTML code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials, and also exploit these issues to control how the site is rendered to the user. Examples for cross-site scripting and HTML injection attacks have been provided.
The application fails to properly sanitize user-supplied input, leading to multiple XSS vulnerabilities. An attacker can execute arbitrary script code in the browser of a user visiting the affected site, potentially stealing authentication credentials and performing other attacks.
Randshop is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
The PDJK-support Suite is prone to multiple SQL injection vulnerabilities. These vulnerabilities could allow remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The ADC2000 NG Pro application fails to properly sanitize user-supplied input before using it in an SQL query, which can lead to SQL injection vulnerabilities. An attacker can exploit these vulnerabilities to compromise the application, disclose or modify data, or exploit vulnerabilities in the underlying database implementation.
Netzbrett is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Services By CQR