84 matches found
CVE-2022-44007
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...
CVE-2022-44008
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly...
CVE-2022-44007
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...
CVE-2022-43999
An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server...
CVE-2022-43999
An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server...
Session fixation
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...
Input validation
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly...
Code injection
An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server...
PT-2022-27064 · Unknown · Backclick Professional
Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to insufficient output encoding of user-supplied data, making the web application vulnerable to cross-site scripting XSS at various locations. Recommendations: For...
CVE-2022-44002
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting XSS at various locations...
CVE-2022-43999
An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server...
CVE-2022-44006
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by...
CVE-2022-44008
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly...
PT-2022-27069 · Unknown · Backclick Professional
Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to an unsafe implementation of session tracking, making it possible for an attacker to trick users into opening an authenticated user session for a session...
CVE-2022-44003
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations...
BACKCLICK 安全漏洞
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63, which stems from the use of consecutive IDs in the validation link, the...
CVE-2022-44005
An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail...
BACKCLICK 路径遍历漏洞
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure, and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63, which originates from improper authentication, and can be exploited by an...
BACKCLICK 跨站脚本漏洞
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure, and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional 5.9.63, which stems from insufficient output coding of user-supplied data allowing an attacker...
CVE-2022-44000
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server...