Sun Java Runtime Environment is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.
Airspan ProST WiMAX device is prone to an authentication-bypass vulnerability because it fails to perform adequate authentication checks in the web interface. An attacker can exploit this issue to gain unauthorized access to the affected device and make arbitrary changes to its configuration. This may lead to further attacks.
Yap Blog is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Check Point VPN-1 UTM Edge is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The Yellow_Pages module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Perforce Server is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to crash the affected application or cause excessive memory to be consumed, denying service to legitimate users.
MG2 is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
BSD PPP is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input. Attackers can leverage this issue to crash the application and deny service to legitimate users. Given the nature of the issue, arbitrary code execution may also be possible, but this has not been confirmed.
The PHP-Nuke 'Seminars' module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view files and execute local scripts in the context of the webserver process.
The eGallery module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to a victim. The URL contains an SQL query that can be used to access or modify data, or exploit latent vulnerabilities in the underlying database.
Services By CQR