Microsoft Windows is prone to an integer overflow vulnerability. This issue exists in 'winhlp32.exe' and is exposed when a malformed phrase compressed Windows Help file (.hlp) is processed by the program. Successful exploitation may allow execution of arbitrary code in the context of the user that opens the malicious Help file. The Help file may originate from an external or untrusted source, so this vulnerability is considered remote in nature.
The Windows Media Player ActiveX control is prone to a security weakness. The issue is that the control may be abused by a Web page to change attributes of media files (such as MP3). An attacker can influence attributes such as the artist, song name, or album name. It is possible to exploit this weakness to inject malicious script code into these attributes. If this issue was combined with a vulnerability that could force Internet Explorer to interpret the injected script code, it may be possible to execute malicious script code in the Local Zone.
It is reported that pgn2web is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it into a fixed-size memory buffer. This vulnerability allow remote attackers to alter the proper flow of execution of the application, potentially resulting in the execution of attacker-supplied machine code in the context of the application attempting to read malicious PGN files.
Gameport is reported prone to multiple vulnerabilities in the client and server. These issues may allow an attacker to gain unauthorized access to a vulnerable server and execute arbitrary code on a vulnerable client. An attacker can bypass the connection time limit restrictions imposed by a server. A local attacker can gain access to a server's administrative password. A server can execute arbitrary applications on a client. The following specific issues were reported: An attacker can bypass the connection time limit restrictions imposed by a server. A local attacker can gain access to a server's administrative password. A server can execute arbitrary applications on a client.
Multiple remote vulnerabilities reportedly affect Gadu-Gadu instant messenger. It supports the DCC (Direct Client Connection) protocol, facilitating the transfer of files and messages between users. The input validation issue is an HTML injection vulnerability in the instant messaging system. The denial of service vulnerability is due to a bug in the image handling code of the affected application. An attacker may leverage these issues to carry out HTML injection attacks, potentially stealing sensitive information, and to carry out denial of service attacks, denying legitimate users of access to the affected software.
Wordpress is reported vulnerable to multiple cross-site scripting, HTML injection, and SQL injection vulnerabilities due to a lack of proper sanitization of user-supplied data. An attacker may exploit the SQL injection issues to manipulate SQL queries to the underlying database. This may facilitate theft of sensitive information, potentially including authentication credentials, and data corruption. An example of a malicious URI link is http://www.example.com/wp-admin/moderation.php?action=update&item_approved=[XSS].
Input passed to the "$doc_directory" parameter in file.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
Input passed to the "$webyep_sIncludePath" parameter in WYApplication.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
Input passed to the "$doc_directory" parameter in file.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
Input passed to the "$doc_directory" parameter in file.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
Services By CQR