Centreon is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain potentially sensitive information that may lead to further attacks.
netOffice Dwins is prone to a vulnerability that allows attackers to bypass authentication as well as a vulnerability that allows attackers to upload arbitrary files. These issues occur because the application fails to adequately sanitize user-supplied input. Attackers can leverage these issues to gain unauthorized access to the application and to execute arbitrary code in the context of the application.
XRMS CRM is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Flicks Software AuthentiX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Juniper Networks Secure Access 2000 is prone to a path-disclosure vulnerability. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks.
Juniper Networks Secure Access 2000 is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Trend Micro OfficeScan Corporate Edition is prone to a buffer-overflow vulnerability and a denial-of-service vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user running the application. This may facilitate a complete compromise of vulnerable computers. Failed exploit attempts will likely result in denial-of-service conditions.
Ghostscript is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions. Ghostscript 8.61 and earlier are affected; the issue was discovered by Chris Evans, and a proof-of-concept exploit was authored by Will Drewry. The vulnerability is in the float-vector handling of the seticcspace function. zicc.c:seticcspace() lets the user set the number of expected components (ncomps), but the vector that receives the range values (range_buff) is a fixed-size array with room for at most 8 floats. The call to dict_floats_array_check_param that populates the array is nevertheless passed a maximum length of ncomps*2, so any ncomps greater than 4 permits more than 8 floats to be written, and a large payload overflows the array. Because every value is read in as a single-precision floating-point number, the payload must be encoded as floats.
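The bounds bug above, reduced to a small C model as an added example. This is not Ghostscript's code: the *_model functions, the ICC_* result codes, the 512-float scratch array and the constructed /N 100 input are all assumptions made for the illustration. The copy routine here takes the destination capacity as an extra parameter so the overflow is reported rather than performed; the real dict_floats_array_check_param() trusts the caller's maximum length, which is exactly why the vulnerable caller's ncomps*2 corrupts memory past range_buff.

```c
/* Added example: minimal model of the zicc.c:seticcspace() bounds bug.
 * Not Ghostscript code; *_model names and ICC_* codes are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define RANGE_BUFF_LEN 8   /* seticcspace()'s fixed-size float range_buff[8] */
#define MAX_ICC_COMPS  4   /* 8 floats = 2 range bounds per component */

enum { ICC_OK = 0, ICC_RANGECHECK = -1, ICC_OVERFLOW = -2 };

/* Model of dict_floats_array_check_param(): copy up to `maxlen` floats from an
 * untrusted /Range array into `dst`. The real routine only knows `maxlen`;
 * this model also receives `dst_cap` so an overflow is reported, not done. */
static int floats_array_check_param_model(const float *src, size_t src_len,
                                          size_t maxlen,
                                          float *dst, size_t dst_cap)
{
    if (src_len > maxlen)
        return ICC_RANGECHECK;   /* the check the real code does have */
    if (src_len > dst_cap)
        return ICC_OVERFLOW;     /* the real code writes past range_buff here */
    memcpy(dst, src, src_len * sizeof(float));
    return (int)src_len;
}

/* Vulnerable caller: ncomps comes from the user-controlled /N entry and the
 * copy limit is 2*ncomps, which is unrelated to the 8-float buffer. */
static int seticcspace_vuln_model(int ncomps, const float *range, size_t range_len)
{
    float range_buff[RANGE_BUFF_LEN];
    if (ncomps < 1)
        return ICC_RANGECHECK;
    return floats_array_check_param_model(range, range_len, (size_t)ncomps * 2,
                                          range_buff, RANGE_BUFF_LEN);
}

/* Hardened caller: reject /N outside 1..4 before deriving the copy limit,
 * so 2*ncomps can never exceed the buffer. */
static int seticcspace_fixed_model(int ncomps, const float *range, size_t range_len)
{
    float range_buff[RANGE_BUFF_LEN];
    if (ncomps < 1 || ncomps > MAX_ICC_COMPS)
        return ICC_RANGECHECK;
    return floats_array_check_param_model(range, range_len, (size_t)ncomps * 2,
                                          range_buff, RANGE_BUFF_LEN);
}

/* Overflowed bytes are read as single-precision floats, so a payload word has
 * to be supplied as the float sharing its bit pattern. */
static float word_as_float(uint32_t w)
{
    float f;
    memcpy(&f, &w, sizeof f);
    return f;
}

static uint32_t float_as_word(float f)
{
    uint32_t w;
    memcpy(&w, &f, sizeof w);
    return w;
}

/* Drive either caller with a constructed /Range of 2*ncomps floats, every
 * element carrying `word` (e.g. 0x41414141, "AAAA"). */
static int run_model(int fixed, int ncomps, uint32_t word)
{
    float range[512];   /* scratch for the constructed input (assumption) */
    size_t n;
    if (ncomps < 1)
        return ICC_RANGECHECK;
    n = (size_t)ncomps * 2;
    if (n > sizeof range / sizeof range[0])
        return ICC_RANGECHECK;
    for (size_t i = 0; i < n; i++)
        range[i] = word_as_float(word);
    return fixed ? seticcspace_fixed_model(ncomps, range, n)
                 : seticcspace_vuln_model(ncomps, range, n);
}

int main(void)
{
    /* Constructed input: /N 100 with a 200-element /Range array. */
    printf("vuln  /N 100: %d\n", run_model(0, 100, 0x41414141u));
    printf("fixed /N 100: %d\n", run_model(1, 100, 0x41414141u));
    printf("vuln  /N 3:   %d\n", run_model(0, 3, 0x41414141u));
    return 0;
}
```

With /N 100 the vulnerable caller asks for up to 200 floats into an 8-float buffer and the model reports ICC_OVERFLOW; the hardened caller rejects the dictionary entry up front, and both accept a legitimate /N 3 with six range values. When encoding a real payload as floats, check each word's round trip: bit patterns in the NaN exponent range can be altered by float-by-value passing on some ABIs, and the textual PostScript representation must parse back to the exact pattern wanted.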
Android Web Browser is prone to an integer-overflow vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.
Android Web Browser is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Successfully exploiting this vulnerability can allow remote attackers to execute arbitrary machine code in the context of the application. Failed attempts will likely result in denial-of-service conditions.