Webmedia Explorer is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Apple QuickTime is prone to a denial-of-service vulnerability. An attacker will exploit this issue through the Safari browser by enticing a user to visit a malicious site. This will crash the user's browser. Successful exploits may allow the attacker to crash the affected application, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.
Git is prone to a denial-of-service vulnerability because it fails to properly handle some client requests. Attackers can exploit this issue to cause a daemon process to enter an infinite loop. Repeated exploits may consume excessive system resources, resulting in a denial-of-service condition.
An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. To mount the attack, the attacker would serve a web page which has XML MIME type and requests to be styled by the evil stylesheet.
The 'Compress::Raw::Zlib' Perl module is prone to a remote code-execution vulnerability. Successful exploits may allow remote attackers to execute arbitrary code or cause denial-of-service conditions in applications that use the vulnerable module.
LogMeIn is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch various attacks, including cross-site request forgery, cross-site scripting, and HTTP-request smuggling.
Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or may aid in further attacks.
Apache Tomcat is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username exists. Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.
Joomla! is prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues affect the 'com_user' component, the 'JA_Purity' template, and the administrative panel in the 'Site client' subproject of the application. An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.
CUPS is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when processing two consecutive IPP_TAG_UNSUPPORTED tags in specially crafted IPP (Internet Printing Protocol) packets. An attacker can exploit this issue to crash the affected application, denying service to legitimate users.