Cosmetics Zone is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The JoomlaFacebook component ('com_facebook') for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to a victim. The URL contains a malicious SQL query that can be used to access or modify data, or exploit latent vulnerabilities in the underlying database.
The SportFusion component ('com_sportfusion') for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
MaxWebPortal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Apple iTunes is prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Check Point Connectra is prone to an arbitrary-script-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the context of the webserver. Successful exploits can compromise the application.
FFmpeg is prone to multiple remote vulnerabilities. Attackers may leverage these issues to execute arbitrary code in the context of the application or crash the application. FFmpeg 0.5 is affected; other versions may also be vulnerable.
Avaya Intuity Audix LX is prone to multiple remote vulnerabilities, including multiple remote command-execution vulnerabilities, a cross-site request-forgery vulnerability, and a cross-site scripting vulnerability. Attackers can exploit these issues to execute arbitrary commands with the privileges of 'vexvm' on the underlying system, steal cookie-based authentication credentials, execute arbitrary script code, and perform administrative tasks. Other attacks are also possible.
GNU glibc is prone to an integer-overflow weakness. An attacker can exploit this issue through other applications such as PHP to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
NetBSD is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to cause the kernel stack to become desynchronized. This may allow the attacker to gain elevated privileges or may aid in further attacks.
Services By CQR