Explore Vulnerabilities

Explore all Exploits:

AOL Instant Messenger Icon Location Vulnerability

A vulnerability in AOL Instant Messenger (AIM) allows an attacker to store imported Buddy Icons in a predictable location on client systems. This could facilitate further attacks that may eventually lead to execution of arbitrary code. The vulnerability has been tested on AIM versions 4.3 to 5.5; however, other versions may be affected as well.

WebStores2000 Cross-Site Scripting Vulnerability

It has been reported that WebStores2000 is prone to a cross-site scripting vulnerability. The issue is reportedly due to a failure to sanitize user input, which allows HTML and script code to be supplied in a way that may facilitate cross-site scripting attacks. An example of the vulnerability is demonstrated in the URL below: http://www.example.com/error.asp?Message_id=35<script>alert(document.cookie)</script>

Metamail Multiple Vulnerabilities

Metamail has been reported prone to multiple vulnerabilities that may provide for arbitrary code execution. Two buffer overflow vulnerabilities have been reported to affect Metamail. Additionally, two format string-handling vulnerabilities have been reported. These issues may also be exploited by a remote attacker to execute arbitrary code.

Owl’s Workshop Multiple Remote File-Disclosure Vulnerabilities

Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. Upon successful exploitation of these issues, an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.

Owl’s Workshop Remote File Disclosure Vulnerabilities

Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. Upon successful exploitation of these issues, an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.

Owl’s Workshop Multiple Remote File Disclosure Vulnerabilities

Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. Upon successful exploitation of these issues, an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.

Linksys WAP55AG Insecure Default Configuration Vulnerability

It has been reported that all SNMP MIB (Management Information Base) community strings, even read/write strings, may be disclosed to a remote attacker if the attacker makes certain queries to the affected appliance. An attacker may disclose sensitive information in this manner. Although unconfirmed, it may also be possible for the attacker to manipulate the appliance configuration through writeable strings.

Online Store Kit Multiple SQL Injection Vulnerabilities

It has been reported that Online Store Kit is prone to multiple SQL injection vulnerabilities. These issues arise due to insufficient sanitization of user-supplied input via the URI. As a result, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It has been reported that an attacker may be able to disclose the administrator password hash by exploiting this issue.

Help and Support Center Spoofing

A vulnerability has been reported in Microsoft Windows XP that could allow an attacker to spoof the Help and Support Center interface. This could be done by creating a malicious link that would present misleading or hostile content to a user in a manner that may cause them to trust it.

Broker FTP Server Denial of Service Vulnerabilities

It has been reported that Broker FTP Server may be prone to multiple denial of service vulnerabilities. These issues may allow a remote attacker to cause the software to crash or hang. Broker FTP Server version 6.1.0.0 has been reported to be prone to these issues; however, other versions may be affected as well.

Recent Exploits: