SySS GmbH found out that the request new user and translation functionalities of the web application perfact::mpa are prone to reflected cross-site scripting attacks.
SySS GmbH found out that unauthorized users are able to download arbitrary files of other users that have been uploaded via the file upload functionality. As the file names of uploaded files are incremental integer values, it is possible to enumerate and download all uploaded files without any authorization.
The tested web application perfact::mpa offers no protection against cross-site request forgery (CSRF) attacks. This kind of attack forces end users respectively their web browsers to perform unwanted actions in a web application context in which they are currently authenticated.
The SySS GmbH found out that any logged in user is able to download valid VPN configuration files of arbitrary existing remote sessions. All an intruder needs to know is the URL with the dynamic parameter “brsessid”. Due to the modification of this incremental increasing integer value, it is possible to enumerate and download a […]
The SySS GmbH found out that the web application perfact:mpa accepts user-controlled input via the URL parameter “redir” that can be used to redirect victims to an arbitrary site which simplifies so-called phishing attacks.
The SySS GmbH found out that different resources of the web application perfact::mpa can be directly accessed by the correct URL due to improper user authorization checks. That is, unauthorized users can access different functions of the perfact::mpa web application.
The SySS GmbH found out that different functions of the web application perfact::mpa are prone to persistent cross-site scripting attacks due to insufficient user input validation.
WordPress GravityForms plugin version 1.9.15.11 suffers from a cross site scripting vulnerability.
Inserting an HTML ‘script’ tag into the URL of a web site protected by Sophos UTM 525 yields an error page which contains the ‘script’ tag unfiltered. Executing malicious JavaScript code in the victim’s browser is therefore straightforward.
em4 soft suffers from a division by zero attack when handling Crouzet Logic Software Document ‘.pm4’ files, resulting in denial of service vulnerability and possibly loss of data.