
Explore Vulnerabilities


Explore all Exploits:

PHP-Fusion Mod freshlinks (linkid) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in PHP-Fusion Mod freshlinks (linkid). An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application, which can be used to access or modify the contents of the database. An attacker can use the vulnerability to gain access to sensitive information such as usernames and passwords stored in the database.

Joomla Imagebrowser File Inc.

This vulnerability allows an attacker to include remote files on the server through the vulnerable Joomla Imagebrowser component. The vulnerable parameter is the ‘folder’ parameter which is not properly sanitized before being used in a file inclusion call. This can be exploited to include arbitrary files from remote hosts.

Local Directory Traversal

A local directory traversal vulnerability exists in BbZL.PhP, which allows an attacker to access sensitive files outside of the web root directory. This can be exploited by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable script. Successful exploitation may lead to the disclosure of sensitive information.

ExplorerDOS

ExplorerDOS is a buffer overflow vulnerability in Microsoft Windows Explorer which allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability is caused by a boundary error in the handling of .LNK files. By creating a specially crafted .LNK file, an attacker may be able to execute arbitrary code with the privileges of the user running the application. This vulnerability affects Windows XP SP3 and Windows 2003 SP2.

Opera (9.5.2) Window Object Suppressing Remote Denial of Service

The Opera browser is vulnerable to a window object based denial of service attack. Opera fails to sanitize a check when the window.close() function is called in a number of dynamically generated events. The function is called in a suppressed manner and kills the parent window directly by default, which makes the browser vulnerable to a denial of service attack. This security issue is the result of a design flaw in the browser. Scripts must not close windows that were not opened by script, if script specific code is designed. There must be a parent window confirmation check prior to closing the window.

Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service

Mozilla Firefox is vulnerable to a user interface event dispatcher null pointer dereference denial of service attack. A dynamically created dispatched event crashes Firefox when it is called directly or in a defined loop with a number of generated user interface events. The resulting crash report reads:

    Exception Type: EXC_BAD_ACCESS (SIGBUS)
    Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000007
    Crashed Thread: 0

    Thread 0 Crashed:
    0 libxpcom_core.dylib nsTArray_base::Length() const + 11 (nsTArray.h:66)
    1 libgklayout.dylib nsContentUtils::GetAccelKeyCandidates(nsIDOMEvent*, nsTArray&) + 261 (nsContentUtils.cpp:4083)

This security issue is the result of an unhandled exception caused by a null pointer dereference.

Recent Exploits: