Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. An attacker can exploit this issue by enticing a legitimate user to view a malicious web page.
Apple iPhone and iPod touch are prone to multiple remote vulnerabilities, which may allow users to spoof websites, disclose information, cause buffer overflows, and cause memory corruptions. Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible.
Hudson is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
IBM Maximo is prone to multiple HTML-injection vulnerabilities and an information-disclosure vulnerability. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Code execution may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Information obtained may aid in further attacks.
eSyndiCat is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues can allow an attacker to compromise the application and the underlying system; other attacks are also possible.
TGS Content Management is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.
Xomol CMS is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks.
PageFusion is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The 'libavformat' library from FFmpeg is prone to a remote heap-based buffer-overflow vulnerability because of insufficient boundary checks when parsing STR data. Remote attackers can exploit this issue by enticing victims into opening maliciously crafted STR files with an application that uses the affected library. Successful exploits may allow attackers to execute arbitrary code within the context of an affected application. Failed exploit attempts will likely result in a denial of service.
Services By CQR