Surveillix DVR 'MeIpCamX.DLL' ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
BitDefender Update Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access potentially sensitive information that could aid in further attacks. BitDefender Security for File Servers, BitDefender Enterprise Manger, and other BitDefender products that include the Update Server are vulnerable. This issue affects Update Server when running on Windows; Linux and UNIX variants may also be affected.
phpAutoVideo is prone to a cross-site scripting vulnerability and a remote file-include vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary code within the context of the webserver process, steal cookie-based authentication credentials, and launch other attacks.
CORE FORCE Firewall and Registry modules are prone to multiple local kernel buffer-overflow vulnerabilities because the software fails to adequately verify user-supplied input. Local attackers can exploit these issues to cause denial-of-service conditions. Attackers may also be able to escalate privileges and execute arbitrary code, but this has not been confirmed. All the vulnerabilities can be reproduced by running a combination of DC2 and BSODHook tools. Step by step instructions: Get DC2.exe (Driver Path Verifier) from the latest Windows Driver Kit. Login as unprivileged user. Run 'dc2 /hct /a'. Get BSODHook.exe from Matousec http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php Click on 'Load Driver' then click on 'Find SSDT hooks' then 'Add to probe list' and then 'GO'. BSODHook will crash the system.
Clever Copy is prone to multiple input-validation vulnerabilities, including two SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
BitTorrent and uTorrent are prone to a remote code-execution vulnerability because the applications fail to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the application or to crash the affected application, denying service to legitimate users.
Attackers can exploit this issue by sending specially crafted HTTP request packets for an arbitrary website. Successful exploits allow attackers to view sites that the device is meant to block access to. This could aid in further attacks.
Peter's Math Anti-Spam for WordPress is prone to a security-bypass vulnerability. This issue occurs when presenting a visitor with challenge data to determine if they are a legitimate user or an automaton. The challenge data is poorly obfuscated and can be interpreted by script code. Attackers can leverage this issue to bypass the security measures provided by the plugin via an automated script. This could aid in spam distribution and other attacks.
Article Dashboard is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
pMachine Pro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Services By CQR