The Oracle Primavera Project Portfolio Management application is vulnerable to HTTP Response Splitting. The application takes the user's input from the languageCode parameter and includes it in the ORA-PWEB_LANGUAGE_1111 cookie value within the "Set-Cookie" HTTP Response header. The application allows an attacker to inject LF (line feed) characters and break out of the headers into the message body and write arbitrary content into the application's response. As a result, this could enable an attacker to perform Cross-Site Scripting attacks (XSS), redirect victims to malicious websites, and poison web and browser caches.
The application source code is coded in a way which allows malicious crafted HTML page to be executed directly without any anti csrf countermeasures. Upon hosting an HTML page with the exploit code and sending the link to click by victim, it gets exploited. This hosted page upon being clicked by an logged in admin user will lead to creation of a new malicious admin user.
A SQL injection vulnerability exists in Joomla! Component Saxum Picker 3.2.10. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the affected parameter. This can be exploited to disclose the content of the back-end database, modify data, or exploit further vulnerabilities.
Joomla! Component SquadManagement 1.0.3 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter in the URL. This can be exploited to gain access to the database and potentially execute arbitrary code.
Joomla! Component Saxum Numerology 3.0.4 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'publicid' in the 'index.php' page. The attacker can also exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'type_id' in the 'interpret' page.
Joomla! Component Saxum Astro 4.0.14 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information stored in the database. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'publicid' and 'signid' parameters of the 'index.php' script. An attacker can send a malicious SQL query to the vulnerable script in order to dump the database content. This can be exploited to gain access to sensitive information such as usernames and passwords.
The vulnerability exists due to insufficient filtration of user-supplied data passed via the 'id' parameter to '/index.php' script. A remote attacker can execute arbitrary SQL commands in application's database and compromise the application or access sensitive data.
Joomla! Pinterest Clone Social Pinboard 2.0 is vulnerable to multiple SQL Injection vulnerabilities. The vulnerabilities exist due to insufficient sanitization of user-supplied input in multiple parameters of the application. An attacker can exploit these vulnerabilities to manipulate SQL queries by injecting arbitrary SQL code, allowing for the manipulation or disclosure of arbitrary data. The vulnerabilities can be exploited without authentication and can be exploited remotely.
A SQL injection vulnerability exists in Joomla! Component Timetable Responsive Schedule For Joomla 1.5, which allows an attacker to execute arbitrary SQL commands via the 'alias' parameter in a 'index.php' script. An attacker can exploit this vulnerability to gain access to sensitive information in the application's database.
Joomla! Component Staff Master version <= 1.0 RC 1 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.
Services By CQR