Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands with the privileges of the 'httpd' user. Successful attacks may facilitate a compromise of the application and underlying webserver; other attacks are also possible.
WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input. Attackers can exploit these issues to cause a denial of service or to write malicious files to arbitrary directories.
The ewire Payment Client is vulnerable to an arbitrary command execution vulnerability. Attackers can exploit this vulnerability by injecting malicious input, which is not properly sanitized by the software. This allows the attacker to execute arbitrary shell commands on the affected computer, with the privileges of the application using the affected class utility.
The Axis Communications 207W Network Camera is prone to multiple vulnerabilities in the web interface. Three issues were reported: a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and a denial-of-service vulnerability. Exploiting these issues may allow an attacker to compromise the device or to prevent other users from using the device.
The Axis Communications 207W Network Camera is prone to multiple vulnerabilities in its web interface. These vulnerabilities include a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and a denial-of-service vulnerability. Exploiting these vulnerabilities may allow an attacker to compromise the device or prevent other users from using the device.
Boa is prone to an authentication-bypass vulnerability because the application fails to ensure that passwords are not overwritten by specially crafted HTTP Requests. An attacker can exploit this issue to gain unauthorized access to the affected application. This may lead to other attacks.
Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
CS-Guestbook is prone to an information-disclosure vulnerability because the application fails to properly protect sensitive information. An attacker can exploit this issue to access sensitive information that may lead to further attacks.
KMPlayer is prone to multiple denial-of-service vulnerabilities when handling malformed AVI media files. Successfully exploiting this issue allows remote attackers to deny service to legitimate users.
Media Player Classic (MPC) is prone to multiple remote vulnerabilities, including a heap-based buffer-overflow issue and an integer-overflow issue, when handling malformed AVI files. An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.