Explore Vulnerabilities

Explore all Exploits:

Cross-Site Scripting Vulnerabilities in NetFlow Analyzer

NetFlow Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

SAP Message Server Remote Heap-based Buffer Overflow Vulnerability

The SAP Message Server is vulnerable to a remote heap-based buffer overflow. The vulnerability occurs due to inadequate boundary checks on user-supplied data before copying it to a buffer of insufficient size. Remote attackers can exploit this vulnerability to execute arbitrary code with SYSTEM-level privileges. Successful attacks will result in a complete compromise of affected computers, while failed attacks may cause denial-of-service conditions disabling all functionality of the application.

Multiple Cross-Site Scripting Vulnerabilities in Oliver

Oliver is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Cross-Site Scripting Vulnerability in Moodle

Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Yoggie Pico and Pico Pro Remote Code-Execution Vulnerability

The Yoggie Pico and Pico Pro devices are vulnerable to a remote code-execution vulnerability due to insufficient input sanitization. An attacker can exploit this vulnerability to execute arbitrary code with superuser privileges, leading to a complete compromise of the affected devices. The attacker can replace the original /etc/shadow file to set the root password of their choosing and gain complete control over the device by running dropbear sshd on a specific port.

Cross-Site Scripting Vulnerabilities in Claroline

Claroline is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Cross-Site Scripting Vulnerability in Oracle Rapid Install Web Server

The Oracle Rapid Install Web Server is vulnerable to a cross-site scripting (XSS) attack due to inadequate input sanitization. An attacker can exploit this vulnerability by injecting malicious HTML and script code into the victim's browser. This can lead to the theft of authentication credentials and enable further attacks.

PC SOFT WinDEV Stack-based Buffer Overflow Vulnerability

PC SOFT WinDEV is prone to a stack-based buffer-overflow vulnerability when it attempts to process malformed project files. This issue occurs because the application fails to perform proper bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer. An attacker may exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application or to cause denial-of-service conditions. This may facilitate unauthorized access or privilege escalation.

Recent Exploits: