The Joomla! Search component is prone to a cross-site-scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Ace Video Workshop is prone to an arbitrary-code-execution vulnerability. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. Ace Video Workshop 1.2.0.0 is vulnerable; other versions may also be affected.
WikLink is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
PHP is prone to a remote denial-of-service vulnerability. Successful attacks will cause applications written in PHP to hang, creating a denial-of-service condition.
Oracle Internet Directory is prone to a remote memory-corruption vulnerability. Exploits may allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.
IBM Tivoli Directory Server is prone to a denial-of-service vulnerability caused by heap memory corruption. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.
This exploit is a buffer overflow vulnerability in the TFTPdwin-0-4-2.pl script. It sends a malicious request to the target host, which contains a NOP sled, shellcode, and a return address. The return address points to a pop ebp, ret instruction in the tftpd.exe file. This allows the shellcode to be executed, which binds a shell to port 4444 on the target host.
Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The attacker can also obtain a server's webroot path by requesting the URL http://www.example.com/spyce/examples/automaton.spy?_spyce_debug=1
Symantec Backup Exec System Recovery Manager is prone to a vulnerability that allows arbitrary unauthorized files to be uploaded to any location on the affected server. Attackers can leverage it to execute arbitrary code with SYSTEM-level privileges and completely compromise affected computers.
Microsoft Windows Digital Rights Management (DRM) ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Services By CQR