There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0.

There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0.

There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0.

A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file.

An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module.

PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text.

User enumeration is found in in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php.

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0.