The LevelOne WBR3404TX Broadband Router is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied input. These issues occur in the web management panel. Exploiting these vulnerabilities may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected site. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
The b1gMail application is prone to a cross-site scripting vulnerability due to insufficient input sanitization. This vulnerability can be exploited by an attacker to execute arbitrary script code in the context of the affected website, potentially leading to the theft of authentication credentials and other malicious actions.
The Coppermine Photo Gallery is vulnerable to a cross-site scripting issue and a local file-include issue. Attackers can exploit these vulnerabilities to steal cookie-based authentication credentials, execute arbitrary code, and retrieve arbitrary content within the context of the webserver process.
The Coppermine Photo Gallery is prone to a cross-site scripting issue and a local file-include issue. Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary code, and retrieve arbitrary content within the context of the webserver process.
The CFileFind::FindFile method in the MFC library for Microsoft Windows is prone to a buffer-overflow vulnerability because the method fails to perform adequate boundary checks of user-supplied input. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of applications that use the vulnerable method.
Python's imageop module is prone to multiple integer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input to ensure that integer operations do not overflow. To successfully exploit these issues, an attacker must be able to control the arguments to imageop functions. Remote attackers may be able to do this, depending on the nature of applications that use the vulnerable functions. Attackers would likely submit invalid or specially crafted images to applications that perform imageop operations on the data. A successful exploit may allow attacker-supplied machine code to run in the context of affected applications, facilitating the remote compromise of computers.
Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands with the privileges of the 'httpd' user. Successful attacks may facilitate a compromise of the application and underlying webserver; other attacks are also possible.
WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input. Attackers can exploit these issues to cause a denial of service or to write malicious files to arbitrary directories.
The ewire Payment Client is vulnerable to an arbitrary command execution vulnerability. Attackers can exploit this vulnerability by injecting malicious input, which is not properly sanitized by the software. This allows the attacker to execute arbitrary shell commands on the affected computer, with the privileges of the application using the affected class utility.
The Axis Communications 207W Network Camera is prone to multiple vulnerabilities in the web interface. Three issues were reported: a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and a denial-of-service vulnerability. Exploiting these issues may allow an attacker to compromise the device or to prevent other users from using the device.
Services By CQR