Webchat is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is the result of insufficient sanitization of remote user-supplied data. Under some circumstances, it is possible for remote attackers to influence the path for certain include files to point to an external file by manipulating URI parameters. If the remote file is malicious, this may be exploited to execute arbitrary system commands in the context of the web server.
GTCatalog is prone to a remote file inclusion vulnerability due to insufficient sanitization of user-supplied data. An attacker can manipulate URI parameters to include external files on remote servers. If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the web server.
Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software.
A file retrieval vulnerability has been reported for QuickTime/Darwin Streaming Server. The vulnerability exists due to insufficient sanitization of some parameters given to the parse_xml.cgi script. Information obtained in this manner may be used by an attacker to launch more organized attacks against a vulnerable system.
It has been reported that Axis Video Servers do not properly handle input to the 'command.cgi' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, which can result in a denial of service, or potentially command execution.
TYPO3 is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is the result of insufficient sanitization of remote user-supplied data. Under some circumstances, it is possible for remote attackers to influence the path for an include file to point to an external file by manipulating URI parameters. If the remote file is malicious, this may be exploited to execute arbitrary system commands in the context of the web server.
TYPO3 is prone to a vulnerability that will allow remote attackers to enumerate whether or not files exist on the system hosting the software. This issue exists in the 'showpic.php' and 'thumbs.php' scripts. This type of information may be useful in mounting further attacks against the host system.
The Axis Video Server does not properly secure sensitive information, allowing an attacker to gather details about server operation and traffic that could lead to further attacks.
Invision Board is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is the result of insufficient sanitization of remote user-supplied data used in URI parameters of certain PHP pages. Under some circumstances, it may be possible for remote attackers to influence the include path for a global configuration file to point to an external file on a remote server. If the remote file is malicious, this vulnerability may be exploited to execute arbitrary system commands in the context of the web server.
E-theni may allow inclusion of malicious remote files because remote users can influence the include path of an external file ('para_langue.php') referenced by the 'aff_liste_langue.php' script. This could result in arbitrary command execution.