Bosdates is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Midirecord is prone to a local buffer-overflow vulnerability because it fails to do proper bounds checking on user-supplied data before using it in a finite-sized buffer. An attacker can exploit this issue to execute arbitrary code in the context of the victim running the affected application. Version 2.0 is vulnerable to this issue; other versions may also be affected.
Since Linux-HA Heartbeat has insecure default permissions set on shared memory, local attackers may be able to cause a denial of service. Exploitation would most likely result in a system crash, loss of data, and resource exhaustion, leading to a denial of service if critical files are accessed improperly or overwritten in the attack.
This issue is triggered when an attacker convinces a victim user to visit a malicious website. Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.
PHPBB-Auction is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. A successful attack could allow an attacker to compromise the software, access or modify data, or exploit vulnerabilities in the underlying database implementation.
WWWThreads is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
OpenCMS is prone to multiple unauthorized-access vulnerabilities because it fails to properly authenticate users when performing administrative tasks. An attacker can exploit these issues to view, delete, and modify application data. This could aid in further attacks on the affected computer.
Opera Web Browser is prone to a memory-corruption vulnerability. A remote attacker may trigger this issue by enticing a user to visit a malicious website. This issue has been reported in Opera 9. Other versions may be vulnerable as well. This BID has been retired because the vendor reported that this issue is a duplicate of BID 18585 (Opera Malicious HTML Processing Denial of Service Vulnerability). An attacker can exploit this vulnerability by enticing a user to visit a malicious website and clicking a button which may crash the browser.
PHP Pro Bid is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Savant2 is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
Services By CQR