Microsoft Internet Explorer is prone to a remote buffer overflow vulnerability when handling malformed Content Advisor files. An attacker can exploit this issue by crafting a Content Advisor file with excessive data and arbitrary machine code to be processed by the browser. A typical attack would involve the attacker creating a Web site that includes the malicious file. A similar attack can also be carried out through HTML email using Microsoft Outlook and Microsoft Outlook Express applications.
Microsoft Windows is reported prone to a remote code execution vulnerability. It is reported that the vulnerability manifests when an affected Microsoft platform receives and processes an especially malformed TCP/IP packet. Reports indicate that the immediate consequences of exploitation of this issue are a denial of service.
WebCT is reportedly affected by an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to using it in dynamically generated content. Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
zOOm Media Gallery is reportedly affected by a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
ModernBill is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'aid' parameter. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
ModernBill is prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'news.php' script.
KDE KMail is vulnerable to a remote email message content spoofing vulnerability due to a failure of the application to properly sanitize HTML email messages. An attacker may leverage this issue to spoof email content and various header fields of email messages. This may aid an attacker in conducting phishing and social engineering attacks by spoofing PGP keys as well as other critical information.
AzDGDatingPlatinum is reported prone to multiple vulnerabilities, including multiple SQL-injection vulnerabilities which could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Additionally, a cross-site scripting issue is present, which could allow an attacker to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
RadBids Gold is reported prone to multiple vulnerabilities. These issues include arbitrary file disclosure, cross-site scripting, and SQL injection. A remote attacker can disclose arbitrary files. Information gathered through this issue may allow the attacker to carry out other attacks against an affected computer. The application is affected by a SQL injection vulnerability. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. Multiple cross-site scripting issues have been identified as well. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
PostNuke Phoenix is vulnerable to a remote SQL injection vulnerability due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker can exploit this vulnerability to manipulate SQL queries to the underlying database, potentially leading to the theft of sensitive information, including authentication credentials, and data corruption.
Services By CQR