EUVD-2007-5093

Malware in sbrugna...

Buffer overflow

The webloginlog function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service buffer overflow via a session.cgi?ACTION=logout request involving a long REMOTEADDR environment variable...

Code execution vulnerability in the session.cgi program of the Pelco Sarix Pro webcam

pelco Sarix Professional is a video camera. A code execution vulnerability exists in the pelco Sarix Pro network camera session.cgi program. The vulnerability is caused due to the program not performing a length check when processing user submitted data, which can be exploited by a remote attacke...

Cross site scripting

Cross-site scripting XSS vulnerability in session.cgi aka the login page in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credential...

CVE-2007-5112

CVE-2007-5112 is an XSS vulnerability in Google Urchin 5 (versions up to 5.7.03 and earlier) affecting the session.cgi (login page). The weakness allows remote attackers to inject arbitrary script/HTML via the query string, as described in the NVD entry. The impact noted includes potential creden...