This host is running Adiscon LogAnalyzer and is prone to multiple SQL injection and cross-site scripting vulnerabilities.
Successful exploitation will allow remote attackers to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Impact Level: Application
Upgrade to Adiscon LogAnalyzer version 3.4.3 or later. For updates, refer to http://loganalyzer.adiscon.com/
Multiple flaws are due to:
- Input passed via the 'filter' parameter to index.php, and the 'id' parameter to admin/reports.php and admin/searches.php, is not properly sanitised before being returned to the user.
- Input passed via the 'Columns' parameter to admin/views.php is not properly sanitised before being used in SQL queries.
Adiscon LogAnalyzer version 3.4.2 and prior