The Innovate Portal is vulnerable to a cross-site scripting (XSS) attack due to inadequate input sanitization. An attacker can exploit this vulnerability to inject and execute arbitrary HTML and script code within the context of the affected site. This can lead to the theft of authentication credentials and enable the attacker to launch further attacks.
The application fails to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by injecting malicious SQL code into the 'iIDcat' parameter of the 'get_list.php' script.
These vulnerabilities allow an attacker to steal authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The BT-Sondage-v112 application is affected by a remote file include vulnerability. The vulnerability exists in the gestion_sondage.php file, where an attacker can include a malicious file via the 'repertoire_visiteur' parameter. This can lead to remote code execution and unauthorized access to the server.
An attacker can exploit these vulnerabilities to access sensitive information, redirect victims to attacker-controlled sites, or steal authentication credentials to perform unauthorized actions.
The vulnerability allows attackers to bypass certain security restrictions and gain access to the device.
The asgbookphp application is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary HTML and script code in the context of the affected site, potentially leading to the theft of authentication credentials and other attacks.
Xenon is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The vulnerabilities in PROMOTIC may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive information. An attacker can exploit these vulnerabilities by providing a crafted HTTP request, which may lead to the execution of arbitrary code or disclosure of sensitive information.
G-WAN is prone to a buffer-overflow vulnerability and a denial-of-service vulnerability. Remote attackers can exploit these issues to execute arbitrary code in the context of the application or crash the affected application.