Comodo Firewall Pro is prone to a protection-mechanism-bypass vulnerability. Exploiting this issue allows local attackers to bypass the protection mechanisms that restrict changes to the firewall's configuration settings. This allows them to disable the firewall, aiding them in further attacks.
PgmReloaded has several scripts that do not initialize variables before using them to include files. Assuming register_globals = on, we can initialize any one of the variables in a query string and include a remote file of our choice. The index.php file is vulnerable to remote file inclusion regardless of register_globals settings.
Nullsoft SHOUTcast is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Microsoft Windows Explorer is prone to a denial-of-service vulnerability. A remote attacker may exploit this vulnerability by presenting a malicious file to a victim user. Users do not have to open the file -- simply browsing a folder containing the malicious file is sufficient to trigger this issue. A successful exploit will crash the vulnerable application, effectively denying service.
phpTrafficA is prone to multiple directory-traversal vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid the attacker in further attacks.
Microsoft Internet Explorer is reportedly prone to multiple local file-access weaknesses because the application fails to properly handle HTML tags. These issues are triggered when an attacker entices a victim user to visit a malicious website. Initial reports stated that remote attackers may exploit these issues to gain access to local system files via Internet Explorer. This would help attackers steal confidential information and launch further attacks. This attack would occur in the context of the user visiting the malicious site. New conflicting reports indicate that these issues result only in verifying the presence of files on a vulnerable system.
Comodo Firewall is prone to a design error in its cryptographic hashing function for component controls. Exploiting this flaw permits attackers to bypass the application's component controls. The application keeps a list of process-module checksums for allowed components. Because it improperly uses a cyclic redundancy check rather than a cryptographic hash function to compute module checksums, an attacker can trivially insert a malicious control with the same CRC as a trusted component.
TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Uebimiau is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Plain Old Webserver is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.