mod_wsgi is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.
Foscam IP Camera is prone to a security-bypass vulnerability. An attacker can exploit this issue to gain access to sensitive information and perform certain unauthorized actions; this may lead to further attacks.
Attackers can exploit this issue to execute arbitrary code in the context of the affected application by sending a specially crafted request to http://www.example.com/password-manager-master/backend/php/src/setup/rpc.php?objectname=Xmenu();print_r(php_uname());die;
SMART iPBX is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Glossaire module for XOOPS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can leverage this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CIS Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
UPS Web/SNMP-Manager CS121 is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the HTTP(s), SNMP or Telnet port service. An attacker can use a Perl script to connect to port 4000 of the vulnerable device and send a 'show syspar' command to retrieve the system parameters. The attacker can then send a 'start' command followed by a 'cd /flash' command and a 'type ftp_accounts.txt' command to retrieve the login credentials of the device.
CMS Touch is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
VLC Media Player is prone to a memory-corruption vulnerability. Attackers can exploit this issue to cause a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible, but this has not been confirmed.
TOA is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible.