NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
Reportedly, a moderator can edit forum posts owned by other moderators through an HTTP GET request without providing sufficient authentication credentials.
JAWS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'Glossary' module. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Simplog 0.9.3.1 is vulnerable to a remote SQL injection vulnerability. This vulnerability requires at least one blog entry to be made prior to injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This will allow the attacker to gain access to the login credentials of the administrator.
BEA WebLogic Server And WebLogic Express are affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the error page. A successful attack may facilitate the theft of cookie-based authentication credentials as well as other attacks.
The Microsoft 'user32.dll' library is prone to a denial of service vulnerability. The issue manifests when the library handles icon (.ico) files containing large size values. Reports indicate that this issue exists for user32.dll versions that reside on Microsoft Windows 98SE platforms. Other versions might also be affected.
Nokia 9500 handset vCard viewer is affected by a remote denial of service vulnerability. This issue presents itself when the device handles a malformed vCard and fails to perform boundary checks prior to copying user-supplied data into a finite sized buffer. Successful exploitation of this issue requires user interaction as a user is asked to accept the vCard followed by manually opening it.
BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
A remote denial of service vulnerability exists in Sony Ericsson P900 handsets due to the application failing to perform boundary checks prior to copying user-supplied data into a finite sized buffer. The vulnerability presents itself in the Bluetooth-related Beamer application when handling a malformed file. To exploit this vulnerability, an attacker can create a malformed name using 'remotename' in 'obexftp_put_file' function of obexftp client.c and send any existing file using obexftp.
C'Nedra Network Plug-in is prone to a remotely exploitable buffer overflow vulnerability. The issue exists in the 'game_message_functions.cpp' source file and is due to inadequate bounds checking of user-supplied data. This vulnerability could be exploited to execute arbitrary code in the context of the affected software.
Services By CQR
