The Imperva SecureSphere is vulnerable to a security-bypass vulnerability that allows attackers to bypass certain security restrictions. By exploiting this vulnerability, attackers can potentially exploit SQL-injection vulnerabilities.
Keyfax Customer Response Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
HOMEPIMA Design is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
An attacker can exploit these issues to cause an affected application to crash, denying service to legitimate users.
EmbryoCore is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The TCExam application fails to properly sanitize user-supplied input before using it in an SQL query, resulting in multiple SQL injection vulnerabilities. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
HomeStation movistar has deployed routers manufactured by Pirelli. These routers are vulnerable to fetch HTML code from any IP public over the world. Neither authentication nor any protection to avoid unauthorized extraction of sensitive information.
The PHP session_decode() function is vulnerable to session hijacking. By manipulating the session data, an attacker can overwrite the _SESSION variable and gain unauthorized access to a user's session.
Gelsheet is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Exponent CMS is vulnerable to a local file inclusion vulnerability and an arbitrary file upload vulnerability. An attacker can exploit these vulnerabilities to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information.
Services By CQR