- #March networks dvr player Patch
- #March networks dvr player software
- #March networks dvr player code
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow.īuffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe. PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter. SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter. zip.php.Ĭross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter. Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1). NOTE: CVE disputes this vulnerability because banned_file is set to a constant value. ** DISPUTED ** PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote attackers to execute arbitrary PHP code via a URL in the banned_file parameter.
The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
#March networks dvr player software
Unspecified vulnerability in Aruba Mobility Controller 200, 800, 2400, and 6000, and OmniAccess Wireless 43xx and 6000, running software after 2.0, allows remote attackers to gain access to the WLAN or administration interface by using the guest logon name without a password.Īdmin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request. Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.īuffer overflow in the management interface for Aruba Mobility Controller 200, 800, 2400, and 6000, and OmniAccess Wireless 43xx and 6000, running software after 2.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long credential strings. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.Ĭross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.Īdobe - ColdFusion MX Enterprise Multi-Server EditionĬross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.Īllons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php.
#March networks dvr player Patch
Patch information is provided when available. This information may include identifying information, values, definitions, and related links.
0 kommentar(er)
