Microsoft SQL Server is affected by a remote denial of service vulnerability due to a failure of the application to handle irregular network communications. An attacker may leverage this issue to cause the affected server to crash, denying service to legitimate users.
Sophos Anti-Virus is affected by a reserved MS-DOS name virus scan evasion vulnerability. This issue is due to a design error that allows certain files to avoid being scanned. An attacker may leverage this issue to bypass the scanner protection provided by the vulnerable anti-virus scanner, giving users a false sense of security. It is reported that this issue can be leveraged to bypass both file system and email virus scanners, allowing this issue to be exploited remotely.
A problem in the handling of nicknames is reported in the Lords of the Realm III server. Because of this, an attacker may be able to deny service to users of the game server. The problem is in the handling of nicknames of excessive length. It should be noted that this vulnerability only occurs when the server enters 'lobby mode', which is a brief window of time before the initiation of a new game.
Multiple buffer overflow vulnerabilities exist in QNX Photon MicroGUI utilities due to a failure of the affected applications to validate user-supplied string lengths before copying them into finite process buffers. An attacker may leverage these issues to execute arbitrary code on the affected system within the context of the vulnerable applications; the applications are typically setuid applications.
Nullsoft Winamp ActiveX Control is alleged to be prone to a remote buffer overflow vulnerability. This issue presents itself in an ActiveX control installed by the application. Reportedly, a malicious attacker can exploit this issue to execute arbitrary code. An attacker can exploit this issue by enticing a victim to view a malicious HTML document containing a malicious script that will overflow the buffer. This can be done by sending the malicious HTML document as an email attachment or by hosting it on a malicious website.
Altnet is reported prone to a remote buffer overflow vulnerability. This issue presents itself in an ActiveX control installed by the application. Reportedly, a malicious attacker can exploit this issue to execute arbitrary code.
VideoDB 2.2.1 is affected by a remote file include vulnerability. The 'pdf_module' parameter in the 'core/pdf.php' script is not properly sanitized before being used in a 'require_once' statement. This can be exploited to include arbitrary files from remote locations by passing a URL as the 'pdf_module' parameter.
A vulnerability exists in PowerPortal v1.3a, which allows an attacker to include a remote file via the 'file_name[]' parameter in 'index.php'. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.
An attacker can exploit this vulnerability by sending a crafted HTTP request containing a malicious URL in the phpbb_root_path parameter. This can allow the attacker to include a remote file containing arbitrary code and execute it on the vulnerable system.
A vulnerability exists in phpSecurePages, caused by the use of user-supplied input in the 'cfgProgDir' parameter of the 'secure.php' script without proper sanitization. This can be exploited to include arbitrary files from remote locations by passing a URL in the 'cfgProgDir' parameter. Successful exploitation requires that 'allow_url_include' is set to 'On' in the php.ini configuration file.