MaxWebPortal 1.3.5 and prior versions are reportedly vulnerable to Cross-site Scripting, SQL Injection and HTML Injection attacks. Cross-site Scripting can be exploited by sending a maliciously crafted URL to the vulnerable application. HTML Injection can be exploited by sending a maliciously crafted URL containing an HTTP request to the vulnerable application. SQL Injection can be exploited by sending a maliciously crafted URL containing a SQL query to the vulnerable application.
Quick.Cart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
ShowOff! Digital Media Software is affected by multiple vulnerabilities. These issues can allow an attacker to carry out directory traversal and denial of service attacks. An attacker can exploit these issues by sending a specially crafted HTTP request containing directory traversal sequences to the vulnerable application. This will allow the attacker to access files outside of the web root directory. Additionally, an attacker can exploit these issues by sending a specially crafted HTTP request containing a large number of parameters to the vulnerable application. This will cause the application to crash.
The Linux kernel is susceptible to a local buffer-overflow vulnerability when attempting to create ELF coredumps. This issue is due to an integer-overflow flaw that results in a kernel buffer overflow during a 'copy_from_user()' call. To exploit this vulnerability, a malicious user creates a malicious ELF executable designed to create a negative 'len' variable in 'elf_core_dump()'. Local users may exploit this vulnerability to execute arbitrary machine code in the context of the kernel, facilitating privilege escalation.
NexusWay is vulnerable to remote command execution. An attacker can send the vulnerable server a specially crafted HTTP request containing malicious commands, which will be executed with root privileges.
myServer is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
e107 Website System is prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
e107 Website System is prone to a directory traversal vulnerability. This issue could be exploited to obtain the contents of arbitrary files on the vulnerable computer by sending a specially crafted HTTP request to the vulnerable server.
GeoVision Digital Surveillance System is prone to a vulnerability that allows remote unauthorized attackers to view JPEG images stored on a server. This issue results from an access validation error.
NukeET is prone to a cross-site scripting vulnerability. The source of this issue is that HTML and script code are not properly sanitized from URI variables before being output in a dynamically generated Web page. However, to successfully trigger the issue, HTML and script code may be Base64-encoded when passed as a URI variable argument. An attacker may exploit the issue by enticing a user to follow a link that includes hostile Base64-encoded HTML and script code. The malicious input will be decoded by the application and may then be rendered in the browser of the user who visits the link.