Adobe Acrobat is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to cause the affected application to crash, effectively denying service. Attackers may also be able to execute arbitrary code, but this has not been confirmed.
Multiple SonicWALL SSL-VPN devices are prone to a remote format-string vulnerability because they fail to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. Attackers may exploit this issue to run arbitrary code in the context of the affected application. Failed attempts may cause denial-of-service conditions.
Achievo is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Vanilla is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Microsoft Windows is prone to a local privilege-escalation vulnerability. Attackers may exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will facilitate the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
SonicWALL Global VPN Client is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application. Failed attempts may cause denial-of-service conditions.
LxBlog is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
An attacker can exploit these issues to bypass certain security restrictions and perform various web-application attacks. Malicious URLs such as the following can be used to bypass the restrictions: http://www.example.com/phptest/xss.php?var=%3CEvil%20script%20goes%20here%3E=%0AByPass and http://www.example.com/phptest/xss.php?var=%3Cscript%3Ealert(document.cookie)%3C/script%20ByPass%3E
The Webshield feature of Kingsoft Internet Security 9 is prone to a remote cross-site scripting and command-execution vulnerability. Remote attackers may exploit this vulnerability to compromise an affected computer.