Jamroom is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
MyPhotos is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
FreeBSD is prone to multiple local denial-of-service vulnerabilities. These issues occur because of input-validation flaws related to the handling of integers. An attacker may leverage these issues to cause the affected computer to crash, denying service to legitimate users.
MySource products are prone to multiple input-validation vulnerabilities. Exploiting these issues will allow an attacker to manipulate the application into becoming an HTTP proxy and to conduct cross-site scripting attacks. An attacker may leverage these issues to cause the application to consume excessive bandwidth and to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
CakePHP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
An attacker can exploit this vulnerability to reveal the location of a directory contained in the configured document root. Information harvested through exploiting this issue may aid in further attacks.
The Apple Mac OS X AirPort wireless driver is prone to multiple buffer-overflow vulnerabilities because it fails to perform sufficient bounds checking before copying data to finite-sized buffers. An attacker can exploit these issues to have arbitrary machine code execute with kernel-level privileges. One of the issues allows code execution in the context of an application using the wireless API. This may lead to denial-of-service conditions or the complete compromise of the affected computer.
CA eTrust Security Command Center (eSCC) and eTrust Audit are prone to multiple vulnerabilities, including an information-disclosure issue, an arbitrary-file-deletion issue, and a replay issue. These vulnerabilities occur because the software fails to validate user input and because of design errors in the way the software handles user permissions and secure data-transmission protocols. An attacker may exploit these vulnerabilities to access sensitive information, delete arbitrary files with the permissions of the service account, and carry out external replay attacks.
The Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files (.qtl). An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load local content in a user's browser. Although this weakness doesn't pose any direct security threat by itself, an attacker may use it to aid in further attacks.
Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side script code in the context of the affected web server, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could help the attacker steal cookie-based authentication credentials; other attacks are possible.