GMarkup requires valid UTF8 input strings and would cause odd looking messages if given invalid input. This could also trigger an out-of-bounds write in glib before 2.44.1.
The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a 'dynamic file inclusion' mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation. Typical proof-of-concept would be to load passwd file: http://server/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd
By providing a long URI (longer than 256 bytes) not containing a slash in a request, a pointer is overwritten which is later passed to free(). By controlling the location of the pointer, this would allow an attacker to affect control flow and gain control of the application. Note that the free() seems to occur during cleanup of the request, as a 404 is returned to the user before the segmentation fault.
A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can (potentially) be used by an authenticated user (Subscriber) to create a denial of service condition of an affected WordPress site.
Sakai suffers from multiple reflected cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Ocomon 2.0RC6 is vulnerable to multiple SQL injection attacks. An attacker can exploit this vulnerability by using the 'admin'or'' as the username and password to gain access to the administrative page of the system.
VideoIQ is vulnerable to remote file disclosure which allows to any unauthenticated user read any file system including file configurations.
Honeywell IP-Camera (HICC-1100PT) allows to unauthenticated user to include files from local server such as /etc/passwd, /etc/shadow or config.ini which contains all credentials and other configurations.
JVC IP-Camera (VN-T216VPRU) allows to unauthenticated user to include files from local server such as /etc/passwd, /etc/shadow or config.ini which contains all credentials and other configurations.
Vanderbilt IP-Camera (CCPW3025-IR + CVMW3025-IR) allows to unauthenticated user to include files from local server such as /etc/passwd, /etc/shadow or config.ini which contains all credentials and other configurations.
Services By CQR