MidiCart ASP is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Active PHP Bookmarks application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
The Microsoft Office HTMLMARQ.OCX library is prone to a denial-of-service issue. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Remote code execution may also be possible, but this has not been confirmed.
Business Objects Crystal Reports XI Professional is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. An attacker may exploit this issue by enticing a victim user into opening a malicious document file, resulting in the execution of arbitrary code with privileges of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.
An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.
NetGear WG311v1 Wireless devices are prone to a heap-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Exploiting this issue allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions.
InverseFlow Help Desk is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
My Little Weblog is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input to the 'action' parameter of the 'weblog.php' script. An attacker can exploit this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Apple Mac OS X is prone to a remote denial-of-service vulnerability when handling specially crafted UDTO disk image files. Successfully exploiting this issue allows remote users to crash affected computers, denying service to legitimate users. Attackers may also be able to exploit this issue for remote code execution, but this is reportedly unlikely.
CuteNews is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure vulnerabilities. An attacker could exploit these issues to view sensitive information or to have arbitrary script code execute in the context of the affected site, which may allow the attacker to steal cookie-based authentication credentials or change the way the site is rendered to the user. Data gained could aid in further attacks.
Services By CQR