BootManage TFTP Server is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Cfnetgs is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Net Inspector is prone to multiple remote vulnerabilities, including a format-string vulnerability, a directory-traversal vulnerability, and multiple denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code within the context of the affected application, obtain sensitive information, or crash the affected application.
SNewsCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Virtual Support Office XP (VSO-XP) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
ZABBIX is prone to a denial-of-service vulnerability when handling specially crafted requests for file checksums. An attacker can exploit this issue to cause the affected application to stop responding, denying service to legitimate users. The exploit involves sending multiple requests for file checksums to the ZABBIX server using the 'nc' command.
eWeather is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Acyhost is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
MyTutorials is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
McAfee Framework is prone to a remote format-string vulnerability. Exploiting this issue will allow attackers to execute arbitrary code with the permissions of the framework or of an application that uses the framework. Failed attacks will likely cause denial-of-service conditions. McAfee Common Managemetn Agent 3.6.0.574 (Patch3) or earlier, McAfee Agent (MA) 4.0, Framework 2.6.0.569 and ePolicy Orchestrator 4.0 are vulnerable to this issue; other versions may also be affected. NOTE: This issue occurs only when the default debug level (7) is raised to 8.
Services By CQR