This vulnerability allows remote attackers to cause a denial of service via a crafted SetPassword call in the npUpload.dll module of DivX Player 6.6.0. When the SetPassword function is called with a large string, a buffer overflow occurs, which results in an access violation when reading [00000000].
The download2.php script in Agency4Net WebFTP 1 is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to view sensitive files from the affected computer, potentially resulting in a loss of confidentiality.
screen, on some operating systems, is vulnerable to a local terminal screen lock authentication bypass that may allow physically proximate attackers to gain access to the system. This issue has been confirmed on OpenBSD with screen 4.0.3 on x86/amd64. The underlying vulnerability may be related to third-party authentication such as PAM. OpenSuSE with screen 4.0.2 was also tested and was not vulnerable.
Zen Cart is a full-featured open source ecommerce web application written in PHP that allows users to build, run and promote their own online store. There are multiple SQL injection issues in Zen Cart that may allow an attacker to execute arbitrary SQL queries on the underlying database. This may allow an attacker to gather username and password information, among other things. An updated version of Zen Cart has been released to address these issues, and users are encouraged to upgrade as soon as possible.
Eclipse IDE is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Attackers with physical access to a computer with the affected application installed can exploit these issues to bypass certain security restrictions and perform unauthorized actions.
Fuctweb CapCC Plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Power Phlogger is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Attackers can exploit this issue to steal cookie-based authentication credentials or to control how the site is rendered to the user.
MPlayer is prone to multiple denial-of-service vulnerabilities when handling malformed media files. Successfully exploiting these issues allows remote attackers to deny service to legitimate users.