BEA WebLogic Server And WebLogic Express are affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the error page. A successful attack may facilitate the theft of cookie-based authentication credentials as well as other attacks.
The Microsoft 'user32.dll' library is prone to a denial of service vulnerability. The issue manifests when the library handles icon (.ico) files containing large size values. Reports indicate that this issue exists for user32.dll versions that reside on Microsoft Windows 98SE platforms. Other versions might also be affected.
Nokia 9500 handset vCard viewer is affected by a remote denial of service vulnerability. This issue presents itself when the device handles a malformed vCard and fails to perform boundary checks prior to copying user-supplied data into a finite sized buffer. Successful exploitation of this issue requires user interaction as a user is asked to accept the vCard followed by manually opening it.
BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
A remote denial of service vulnerability exists in Sony Ericsson P900 handsets due to the application failing to perform boundary checks prior to copying user-supplied data into a finite sized buffer. The vulnerability presents itself in the Bluetooth-related Beamer application when handling a malformed file. To exploit this vulnerability, an attacker can create a malformed name using 'remotename' in 'obexftp_put_file' function of obexftp client.c and send any existing file using obexftp.
C'Nedra Network Plug-in is prone to a remotely exploitable buffer overflow vulnerability. The issue exists in the 'game_message_functions.cpp' source file and is due to inadequate bounds checking of user-supplied data. This vulnerability could be exploited to execute arbitrary code in the context of the affected software.
Gentoo webapp-config is prone to an insecure file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to cause arbitrary shell commands to be executed with superuser privileges.
Terminator 3 : War of the Machines server is prone to a buffer overflow vulnerability that may permit remote attackers to execute arbitrary code on a vulnerable system, this may facilitate unauthorized access. This issue arises because the application fails to perform boundary checks prior to copying user-supplied data into sensitive process buffers.
Both cryptoloop and dm-crypt are reported prone to an information disclosure vulnerability. Reports indicate that certain watermarked files may be detected on a filesystem that is encrypted using the affected loop device encryption schemes. It should be noted that a successful attack would reveal the presence of a watermarked file but not the file contents.
FunkyASP AD Systems is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. Supplying admin for the Username and ' or ''=' for the Password of login.asp is sufficient to authenticate to the administrator account.
Services By CQR