Attackers may exploit this issue via a malicious web page to execute arbitrary code in the context of the currently logged-in user. Exploitation attempts may lead to a denial-of-service condition as well. Attackers may also employ HTML email to carry out an attack.
MySQL is prone to a privilege-elevation vulnerability and a security-bypass vulnerability. A user with privileges to execute SUID routines may gain elevated privileges by executing certain commands and code with higher privileges. A user can also bypass restrictions and create new databases. MySQL 5.0.24 and prior versions are affected by these issues.
GNU binutils GAS (GNU assembler) is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Remote attackers may crash the application or execute arbitrary machine code in the context of the application.
Reporter (a Mambo component) is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
An attacker can exploit this issue to destroy partition tables on the affected computer and to deny service to legitimate users.
Fusion News is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to access the underlying system.
Zen Cart is prone to multiple remote and local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote and local files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Mozilla Firefox is prone to a remote memory-corruption vulnerability because of a race condition that may result in double-free or other memory-corruption issues. Attackers may likely exploit this issue to execute arbitrary machine code in the context of the vulnerable application, but this has not been confirmed. Failed exploit attempts will likely crash the application. The Flock browser version 0.7.4.1 and the K-Meleon browser version 1.0.1 are also reported vulnerable.
Lizge is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue occurs because the application fails to load a DLL library when instantiated as an ActiveX control. An attacker may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users, and may cause arbitrary code to run within the context of the application.
Services By CQR