Panda Internet Security/Antivirus+Firewall 2008 is prone to a vulnerability that allows local attackers to corrupt kernel memory. This vulnerability occurs because the application fails to sufficiently validate IOCTL requests. Local users may exploit this vulnerability to cause a denial of service or to execute arbitrary code in the context of the kernel.
Neptune Web Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Microsoft Office is prone to a remote memory-corruption vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Office file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.
MailEnable is prone to multiple remote vulnerabilities in the IMAP service, including multiple buffer-overflow vulnerabilities and multiple denial-of-service vulnerabilities due to a NULL-pointer exception. An attacker may leverage these issues to execute arbitrary code in the context of the running application or to crash the application, causing a denial of service.
Microsoft Internet Explorer is prone to a remote information-disclosure vulnerability because of a flaw in the interaction between JavaScript and XML processing in Internet Explorer. To exploit this issue, an attacker must entice an unsuspecting user to visit a malicious website. Successfully exploiting this issue allows remote attackers to gain access to the first line of arbitrary files located on computers running the vulnerable application.
SID (Specimen Image Database) is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Imagevue is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The 4nChat module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
MicroWorld eScan Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access arbitrary files outside of the FTP server root directory. This can expose sensitive information that could help the attacker launch further attacks.
The KutubiSitte module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Services By CQR