A cross-site scripting vulnerability affects Clever Copy. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Winamp is susceptible to a buffer overflow vulnerability in its ID3v2 functionality. This issue is due to a failure of the application to properly bounds check input data prior to copying it into a fixed-size memory buffer. The issue can be exploited remotely, as an attacker may distribute malicious MP3 files and entice unsuspecting users to process them with the affected application. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application.
Hosting Controller is prone to an SQL injection vulnerability. This issue allows a remote attacker to manipulate query structure and logic. It has been reported that the attacker may gain unauthorized access to sensitive information. Other attacks may be possible depending on the capabilities of the underlying database and the nature of the affected query. One may input this string into the search box on the affected pages: 'or'1'='1'or'1'='1
The CallManager CTI Manager service is susceptible to a remote denial of service vulnerability. This issue may be exploited to cause the affected application to restart, denying service to legitimate users.
Nokia Affix btsrv/btobex are reported to be prone to a remote command execution vulnerability due to a lack of input sanitization before attacker-controlled data is used in a 'system()' call. An attacker can exploit this vulnerability to gain root privileges on the target computer.
Dvbbs is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
PHPsFTPd is affected by a privilege escalation vulnerability. This issue is due to a failure in 'inc.login.php' when processing login credentials. An attacker can exploit this vulnerability to retrieve the administrator username and password. This could aid in further attacks against the underlying system; other attacks are also possible.
Dragonfly Commerce is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
ASP.NET is susceptible to a remote denial of service vulnerability. This issue is due to the possibility of causing an infinite loop on the server when handling RPC/encoded requests. When a remote attacker sends a specially crafted XML request, the 'aspnet_wp.exe' executable enters an infinite loop and consumes excessive CPU resources, potentially denying service to legitimate users.