RealPlayer 10.5 is prone to a denial-of-service vulnerability when a user visits a malicious web page. The vulnerability is caused by a boundary error within the 'ierpplug.dll' ActiveX control when handling certain parameters passed to the 'GetComponentVersion', 'HandleAction' and 'DoAutoUpdateRequest' methods. This can be exploited to cause a stack-based buffer overflow by passing overly long strings to the affected methods.
Inmostore is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
TippingPoint IPS is prone to a detection-bypass vulnerability because the appliance fails to properly handle Unicode characters. A successful exploit of this issue may allow an attacker to bypass the filter and detection system of vulnerable appliances, allowing malicious URI traffic through. This will likely aid the attacker in further attacks.
SAP DB Web Server is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer. Successfully exploiting these issues will allow an attacker to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.
HP Instant Support ActiveX control is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.
DUClassmate is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
This exploit is proof-of-concept code that demonstrates a memory-disclosure vulnerability in Microsoft Windows. It uses the NtRaiseHardError API to read the memory of the csrss.exe process. The vulnerability was discovered by Ruben Santamarta and was disclosed in 2006.
LiteWeb webserver is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker can exploit this issue to crash the affected application, denying further service to legitimate users.
A vulnerability in PHP-Update 2.7 allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker can exploit it by sending a specially crafted HTTP request containing malicious code to the vulnerable system. Successful exploitation can result in arbitrary code execution on that system.
Apple Safari is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to cause denial-of-service conditions on a user's computer.