Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 through 2.7.3 allows remote attackers to inject arbitrary web script or HTML via the picfile parameter.
Max CVSS
4.3
EPSS Score
0.37%
Published
2008-05-05
Updated
2018-10-11
The web interface in AstroCam 2.0.0 through 2.6.5 allows remote attackers to cause a denial of service (daemon shutdown) via requests that contain a large amount of data in the "a" variable, which "fills up the message queue."
Max CVSS
7.8
EPSS Score
2.07%
Published
2007-03-13
Updated
2011-03-08
astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect.
Max CVSS
10.0
EPSS Score
1.01%
Published
2002-12-31
Updated
2008-09-05
3 vulnerabilities found