Vulnerabilities (CVE)

Filtered by vendor Globalnorthstar Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26959 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 N/A 10.0 CRITICAL
There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation of the SQL injection vulnerabilities allows full access to the database which contains critical data for organization’s that make full use of the software suite.
CVE-2021-29398 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application.
CVE-2021-29397 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 5.0 MEDIUM 7.5 HIGH
Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP.
CVE-2021-29396 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 7.5 HIGH 9.8 CRITICAL
Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication.
CVE-2021-29395 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 5.0 MEDIUM 7.5 HIGH
Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application.
CVE-2021-29394 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST request.
CVE-2021-29393 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 10.0 HIGH 9.8 CRITICAL
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.