It has been reported that Nadeo Game Engine may be prone to a remote denial of service vulnerability that could allow an attacker to cause the software to crash or hang by sending arbitrary data to the software on TCP port 2350. Nadeo Trackmania demo version has been reported to be affected by this issue.
It has been reported that Dream FTP Server may be prone to a remote format string vulnerability when processing a malicious request from a client for a username during FTP authentication. The issue could crash the server.
VServer is reported prone to a breakout vulnerability that allows a malicious user to escape from the context of the chrooted root directory of the virtual server. This issue is due to the VServer application failing to secure itself against a "chroot-again" style vulnerability. Successful exploitation of this issue may allow an attacker to gain access to the filesystem outside of the chrooted root directory.
It has been reported that OpenJournal is prone to an authentication bypass vulnerability. This issue is caused by the application failing to properly sanitize URI-specified parameters. Successful exploitation of this issue may allow remote attackers to gain unauthorized access to online journal files associated with the application and to add new users to the database, as well as a number of other possibilities.
It has been reported that Mambo Open Source may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in a user's browser. The issue exists in the 'Itemid' parameter of the 'index.php' script.
Oracle database has been reported prone to multiple buffer overflow vulnerabilities when processing certain parameters and functions, specifically the TIME_ZONE parameter and the NUMTOYMINTERVAL, NUMTODSINTERVAL and FROM_TZ functions. Excessive data passed to the aforementioned parameter or any of these functions may potentially overrun the bounds of a buffer in stack-based memory. This may result in the corruption of memory adjacent to the affected buffer, and ultimately may provide for arbitrary code execution.
A vulnerability has been reported to reside in the 'shmat()' system call used in the BSD kernel. Exploiting this issue may allow a local attacker to inject instructions into the memory of a privileged process.
A problem in the handling of large requests has been reported to result in service instability in XLight FTP Server under some circumstances. Because of this, it may be possible for a remote attacker to deny service to legitimate users of the software.
The Web Crossing Web Server component has been reported prone to a remote denial of service vulnerability. It has been reported that the issue will present itself when the affected web server receives a malicious HTTP request that contains negative values for certain fields in the HTTP header.
Discuz! is prone to a cross-site scripting vulnerability due to the application failing to properly sanitize links embedded within user messages. This vulnerability allows a malicious user to steal cookie-based authentication credentials or other information within the context of the affected web page.