A race condition vulnerability has been reported in Libsafe 2.0-16 that may allow Libsafe security failsafe mechanisms to be bypassed. This is due to an implementation error in Libsafe that does not present a security risk unless there is a memory corruption vulnerability in a multi-threaded application on an affected computer.
Local exploitation of a design error vulnerability in version 4.6.1 of NSPR, as included with Sun Microsystems Solaris 10, allows attackers to create or overwrite arbitrary files on the system. The problem exists because environment variables are used to create log files. Even when the program is setuid, users can specify a log file that will be created with elevated privileges (CVE-2006-4842).
OneWorldStore is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
sphpBlog is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
All4WWW-Homepagecreator is affected by an arbitrary remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an 'include()' function call. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process.
A remote cross-site scripting vulnerability affects the RSA Security RSA Authentication Agent for Web. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks; due to the nature of the application, bypassing authentication requirements may also be possible.
A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to properly handle various requests under certain circumstances. An attacker may leverage this issue to disclose JSP source code, facilitating code theft as well as potential further attacks.
Photo Album is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
A remote denial of service vulnerability is reported to affect the LG U8120 Mobile Phone. The issue manifests when an affected phone processes a malicious MIDI file. To perform the attack, a user must save an MMS draft with a dummy MIDI file, connect the mobile phone to a PC and overwrite the dummy file with 'lgfreeze.mid', and then send the MMS draft.
phpBB2 Plus is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.