The IBM Lotus Sametime Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The UltraCam ActiveX Control 'UltraCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.
Batavi is prone to multiple local file-include and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to view and execute local files within the context of the affected application. The attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The vulnerability allows an attacker to inject SQL commands into the application's database queries, potentially allowing unauthorized access to the database or manipulation of its contents. The specific exploit involves injecting a UNION SELECT statement to retrieve sensitive information from the admins table.
PHP 5.5.12 suffers from a memory corruption vulnerability that could potentially be exploited to achieve remote code execution. The vulnerability exists due to inconsistent behavior in the get_icu_value_internal function of extintllocalelocale_methods.c. In most cases, get_icu_value_internal allocates memory that the caller is expected to free. However, if the first argument, loc_name, satisfies the conditions specified by the isIDPrefix macro (figure 1), and fromParseLocal is true, loc_name itself is returned. If a caller abides by contract and frees the return value of such a call, then the pointer passed via loc_name is freed again elsewhere, a double free occurs.
This module exploits a buffer overflow in the RTSP request parsing code of Hikvision DVR appliances. The Hikvision DVR devices record video feeds of surveillance cameras and offer remote administration and playback of recorded footage. The vulnerability is present in several models / firmware versions but due to the available test device this module only supports the DS-7204 model.
The vulnerability is caused by a NULL-pointer dereference in PHP. An attacker can exploit this issue by using a proof-of-concept such as the 'grapheme_extract' function with a negative value, causing an application written in PHP to crash and deny service to legitimate users.
The GetSimple CMS is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
The vulnerability allows attackers to inject arbitrary content into the 'X-Forwarded-For', 'X-Forwarded-Host' and 'X-Forwarded-Server' HTTP headers because the 'WEBrick::HTTPRequest' module fails to sufficiently sanitize input. By inserting arbitrary data into the affected HTTP header field, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTML-injection, and other attacks.
After sending a crafted INVITE/CANCE or any message with a "WWW-Authenticate" where the "Digest domain" is crafted the device freezes provoking a DoS. A remote individual can remotely crash and perform a Denial of Service(DoS) attack in all the services provided by the software by sending one crafted SIP INVITE message. This is conceptually similar to the "ping of death".
Services By CQR