The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified...
The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service...
The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service...
The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username. Date published : 2015-12-23 http://www.securityfocus.com/bid/79642 https://www.kb.cert.org/vuls/id/757840
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors. Date published : 2015-12-23 http://www.securityfocus.com/bid/79345 https://ics-cert.us-cert.gov/advisories/ICSA-15-349-01
Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network. Date published : 2015-12-23 http://www.securityfocus.com/bid/79345 https://ics-cert.us-cert.gov/advisories/ICSA-15-349-01
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related...
Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors. Date published : 2015-12-23 http://www.securityfocus.com/bid/79345 https://ics-cert.us-cert.gov/advisories/ICSA-15-349-01
eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history....
eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. Date published...
Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2015-12-23 http://www.securityfocus.com/bid/79625 http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01
eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL. Date published : 2015-12-23 http://www.securityfocus.com/bid/79625 http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01
Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot....
eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an...