Microsoft Windows Vista is prone to a buffer-overflow vulnerability because of insufficient boundary checks. Local attackers could exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute arbitrary code with SYSTEM-level privileges, but this has not been confirmed.
Kimson CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
BoutikOne CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The VeryPDF PDFView ActiveX control is prone to a heap buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
Microsoft Active Directory is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.
NETGEAR WGR614 is prone to a denial-of-service vulnerability that occurs in the administration web interface. Successful exploits will cause the affected web interface to crash, denying service to legitimate users.
Attackers can exploit the lack of authentication when users access specific administration scripts in Belkin F5D8233-4 Wireless N Router to perform administrative functions without authorization. Attackers can enable remote management on port 8080, restore the router's default factory settings, reboot the router, and log in with the default password.
Remote attackers can exploit this issue to cause the Zope server to halt or to consume excessive server resources, resulting in denial-of-service conditions.
Sun Java System Identity Manager is prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, multiple cross-site scripting issues, multiple HTML-injection issues, and a directory-traversal vulnerability. Successful exploits of many of these issues will allow an attacker to completely compromise the affected application. The example exploit code provided changes the administrative password to 'Password19'.
IBM Tivoli Netcool Service Quality Manager is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.