WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input. Attackers can exploit these issues to cause a denial of service or to write malicious files to arbitrary directories.
WinSCP is prone to a vulnerability that allows an attacker to upload arbitrary files to, or download them from, a victim's computer in the context of the vulnerable application. This is achieved by embedding an iframe in a web page with a malicious scp command that will execute when the page is loaded.
Toms Gastebuch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Unreal Commander is prone to multiple remote vulnerabilities, including a directory-traversal issue and a denial-of-service issue. An attacker can exploit these issues to compromise the affected computer, write files to arbitrary locations, and crash the affected application.
Multiple MicroWorld eScan products are prone to a local privilege-escalation vulnerability because of insecure default file permissions. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers. The following are vulnerable: eScan Internet Security 9.0.722.1, eScan Virus Control 9.0.722.1, eScan AntiVirus 9.0.722.1, eScan Corporate 9.0.x, eScan Professional 9.0.x, eScan Workstation Server 9.0.x, eScan Web and Mail Filter 9.0.x, MailScan for Mail-Server 5.6a, MailScan for SMTP Server 5.6a, X-Spam for SMTP Servers 5.6a. Other versions and software packages may also be affected. Attackers can exploit this issue by logging in as a LUA user, renaming traysser.exe to traysser.exe.BAK, copying program.exe to the eScan installation directory, renaming program.exe to traysser.exe, and restarting the computer.
The FileInfo plugin for Total Commander is prone to multiple PE file denial-of-service vulnerabilities because the plugin fails to properly handle malformed input. Successfully exploiting these issues allows remote attackers to crash the affected application.
Yahoo! Messenger is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
Microsoft XML Core Services is prone to an integer-overflow vulnerability because the application fails to ensure that integer values do not overflow. Attackers can exploit this issue by enticing unsuspecting users to view malicious web content. Specially crafted scripts could issue requests to MSXML that trigger memory corruption. Successfully exploiting this issue allows remote attackers to corrupt heap memory and execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
WebNews is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Shoutbox is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.