Andy's PHP Projects Man Page Lookup script is vulnerable to command injection due to improper input validation. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, which will allow the attacker to execute arbitrary commands on the server.
The DansGuardian Webmin Module is vulnerable to a Remote File Inclusion vulnerability due to improper input validation. This vulnerability allows an attacker to include a remote file, containing malicious code, which will be executed by the vulnerable server.
It has been reported that FreeWeb server of FreeProxy may be prone to a denial of service vulnerability that may allow an attacker to crash the server process by supplying a malformed HTTP request. The issue exists in the 'CreateFile' function of the web server.
This vulnerability may allow an attacker to gain access to files that reside outside of the web root directory using a specially crafted URI that contains URL-encoded variations of directory traversal sequences. This issue has been reported to affect Windows variants of the software. It is not known if other versions are also affected.
It has been reported that FreeWeb server of FreeProxy may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. The issue may allow a remote attacker to traverse outside the server root directory by using '../' character sequences.
KpyM Telnet Server has been reported to be prone to a remote denial of service vulnerability. Due to a lack of resource limitations, a remote attacker may negotiate multiple connections to the affected server. This will cause multiple instances of a terminal handler executable to be spawned and ultimately, over time, an access violation will be triggered in the KpyM Telnet Server.
SnapStream PVS Lite is prone to a cross-site scripting vulnerability. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a system hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user. This could be exploited to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.
Edimax AR-6004 ADSL Routers are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user. This could potentially be exploited to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.
ZyWALL 10 firewalls are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user. This could potentially be exploited to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.
PhpGedView allows remote users to access information displayed by the phpinfo() function, which may disclose sensitive information about the environment the software runs in.