A remote buffer overflow vulnerability affects the IN_CDDA.dll library of Nullsoft's Winamp. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into finite process buffers. An attacker may distribute malicious play-list files and entice unsuspecting users to process them with the affected application.
Comersus Cart is reportedly affected by multiple vulnerabilities. There is a possibility of gaining administrator access due to a failure of the application to remove an installation script after install. There is the possibility of SQL injection by passing a malicious HTTP referer header. There are also some possible cross-site scripting issues. The vendor has addressed these issues in Comersus Cart version 6.0.2; earlier versions are reportedly vulnerable. The following proof of concept is available for the SQL injection issue: GET /comersus/store/default.asp HTTP/1.1 Referer: <SQLCODE HERE>
Multiple input validation vulnerabilities affect MercuryBoard due to a failure of the application to properly sanitize user-supplied input prior to using it in critical functionality. An attacker may leverage these issues to execute arbitrary code in the browser of an unsuspecting user and manipulate SQL queries against the underlying database, which may facilitate the theft of authentication credentials, destruction of data, and other attacks.
Exponent is reported prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user facilitating theft of cookie-based authentication credentials and other attacks. Exponent 0.95 is reported prone to these issues. It is likely that previous versions are vulnerable as well.
DivX Player is prone to a directory traversal vulnerability when DPS ('.dps') archive files are processed. An attacker may exploit this issue to save a script or executable file in an arbitrary location, which may lead to the execution of malicious code when the affected system is restarted. Alternatively, the attacker may overwrite a target file with the privileges of a user that is installing a malicious skin file.
Netscape Navigator is prone to a vulnerability that may result in a browser crash when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed.
This vulnerability is due to a failure of the affected to properly handle integer signedness. An attacker may leverage this issue to cause the affected computer to crash, denying service to legitimate users. It has been speculated that this issue may also be leveraged to escalate privileges, although this is unconfirmed.
Konversation is a freely available IRC client for KDE windows environments on Linux platforms. Multiple remote vulnerabilities affect the Konversation IRC client. These issues are due to input validation failures and design flaws. An attacker may leverage these issues to execute arbitrary shell and Konversation commands, potentially leading to denial of service attacks and system compromise. When an unsuspecting user joins a channel named #%n/quit%n and presses the Part Button, their client will quit. When an unsuspecting user enters a channel named #`kwrite` and executes the /uptime command, the kwrite application will be activated. When an unsuspecting user enters a channel named #`konversation` and executes the /uptime command, the konversation application will be activated. When an unsuspecting user enters a channel named #`konversation` and executes the /quit command, the konversation application will be closed. When an unsuspecting user enters a channel named #`konversation` and executes the /nick command, the konversation application will be closed.
Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. An attacker can supply additional lines to the stream used to write to the user database file through a URI parameter. This can allow the attacker to corrupt the user database file and potentially gain administrative privileges to the Siteman application.
Microsoft Windows is prone to a heap-based buffer overflow vulnerability. This issue exists in 'winhlp32.exe' and is exposed when a malformed phrase-compressed Windows Help file (.hlp) is processed by the program. Successful exploitation may allow execution of arbitrary code in the context of the user that opens the malicious Help file. The Help file may originate from an external or untrusted source, so this vulnerability is considered remote in nature.