Sun Java is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain Java applets. Successfully exploiting this issue will cause the application to create a temporary file that will grow in an unbounded fashion, consuming all available disk space. This will likely result in a denial-of-service condition.
phpODP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
RadLance is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts. RadLance Gold 7.0 is reported affected by this issue; other versions may also be vulnerable.
PSY Auction is prone to multiple input-validation vulnerabilities. The issues include HTML-injection and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploits of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, control how the site is rendered to the user, or exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
UniversalFTP (www.teamtek.net) suffers from several unhandled user input vulnerabilities that cause the program to crash. This vulnerability was discovered by Parvez Anwar and Greg Linares and was originally reported by Parvez Anwar on October 27th.
PSY Auction is prone to multiple input-validation vulnerabilities due to a failure in the application to properly sanitize user-supplied input. Successful exploits of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, control how the site is rendered to the user, or exploit vulnerabilities in the underlying database implementation. Example exploit URL: http://www.example.com/auction/item.php?id='[SQL]
Pixaria PopPhoto is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Gphotos is prone to multiple input-validation vulnerabilities. The issues include information-disclosure and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, or steal cookie-based authentication credentials. Other attacks are also possible.
phpBB is prone to a vulnerability that could permit the application to become an unauthorized HTTP proxy. An attacker can exploit this issue to manipulate phpBB into becoming an HTTP proxy by sending a specially crafted URL.
WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploits of these vulnerabilities could allow an attacker to access or modify data, steal cookie-based authentication credentials, perform username-enumeration, access sensitive information, and gain unauthorized access to script source code. Other attacks are also possible.
Services By CQR