Online Shopping Alphaware version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version attributed to Ahmed Abbas.
29690f5dffee752bc5e1e472253d5ff5db429877767d895fee54163ae1c8708e
OSAS Traverse Extension 11 suffers from an unquoted service path vulnerability.
d5081a005413b7ff934e790a93aaa7906a70d3ca77ff852d52e8fdde8298e802
Alphaware E-Commerce System version 1.0 suffers from unauthenticated remote shell upload and remote SQL injection vulnerabilities.
fbecea6b0c82b953bb75a6982c2fca7d4e938869ab5be9cbc4582b315ab49413
Online Shopping Alphaware version 1.0 suffers from an unauthorized administrative functionality access vulnerability.
af86f3f2c3fc65a797a7322c542028b83b7c440ae34c67c40b6fb9d42a4d9386
Online Shopping Alphaware version 1.0 suffers from an arbitrary file upload vulnerability.
1c73f02370cfc464f48e9e0329d3295cf79cee55b8d21245f13bb4fa92008374
Online Shopping Alphaware version 1.0 suffers from a cross site request forgery vulnerability.
10eaf91c2386843e5718ae708a9128ff7150df99808d437a21dbbd1290208453
Online Shopping Alphaware version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
1bbd55c9f9e0edcb7f2d29d71a1388c6c031345adc68213198dff08b8c072b7f
Online Shopping Alphaware version 1.0 suffers from an insecure direct object reference vulnerability.
06b278a300b523b0abcc50b71dc25166b714ca2a8134c022619a39fdd096f1a0
Online Shopping Alphaware version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c9c9c9485eca29f72f51a446d9758fd84d888d3463396be08d55e65155981fca
Onapsis Security Advisory - The Oracle Virtual Server Agent suffers from a local privilege escalation vulnerability. By exploiting this vulnerability, an authenticated attacker would be able to remotely compromise the OVS server, together with all the virtual machines configured on it. This would result in the compromise of integrity, availability and confidentiality of every virtual machine deployed in the OVS server.
8bb07a17e1151edee2f97edcaff919d8ae30d080f8d6e3f3cd95c2a984839665
Onapsis Security Advisory - The Oracle Virtual Server Agent suffers from a remote command execution vulnerability. By exploiting this vulnerability, an authenticated attacker would be able to remotely compromise the OVS server, together with all the virtual machines configured on it. This would result in the compromise of integrity, availability and confidentiality of every virtual machine deployed in the OVS server.
a7e7a0a5a37917b5c9d115d98333345e4e229747d1d9e70e3b2a2a9b4885be88
Onapsis Security Advisory - The Oracle Virtual Server Agent suffers from an arbitrary file access vulnerability. By exploiting this vulnerability, an authenticated attacker would be able to remotely compromise the OVS server, together with all the virtual machines configured on it. This would result in the compromise of integrity, availability and confidentiality of every virtual machine deployed in the OVS server.
d031200543b4d11ba73fe8cdf870bdda3a8d6e288280d3b250bea767e3fe6228
Onapsis Security Advisory - The SAP MC component fails to process malformed requests, resulting in a denial of service condition because the affected service crashes.
ec64dcf534979b2047279fc6c153b6276b068cd99aebe7db61d1d4e1c851b4ca
Onapsis Security Advisory - The SAP J2EE Engine contains a Web Services Navigator interface, which enables interaction with the Web Services deployed on the server. This interface suffers from a Cross-Site Scripting vulnerability, which may enable malicious parties to perform different kinds of attacks against SAP users.
8dc2a56391e65f55d9d9b2fedc38db6025320a0ec26c72f748583efc85727820
SAP J2EE Telnet Administration suffers from an authentication bypass vulnerability.
1a80e20e80a3c1db1a6e588e5955e080382df05484aa9d8c7c179a6d923eec1d
Onapsis Security Advisory - The Message-Driven Bean Example application in the SAP J2EE Engine suffers from a path traversal vulnerability, which may enable remote attackers to access sensitive files in the server filesystem.
56c2759f5a5395466ea0430458e765fc8c5964df18ac2d688fd40e06ead19690
Onapsis Security Advisory - The Authentication mechanism of the SAP J2EE Engine (which is shared by the Enterprise Portal and other solutions) suffers from a phishing vector vulnerability, which may allow a remote attacker to perform different attacks against the organization's SAP users.
1cb2ce7956efa6260341088406256bfdfee382787854d2d01097084af316806b
Onapsis Security Advisory - SAP WebDynPro suffers from a cross site scripting vulnerability.
9d48719f814da197b6bccfd0a7fd3e0631c617593a3bd21587145058a1d90bbf
OpenSiteAdmin versions 0.9.1.1 and below suffer from multiple remote file inclusion vulnerabilities.
40bbe74570d048d429056d0c1a17fda85bc1e944fbaa129886682ca5af5ac6f4