DWebPro is prone to a directory-traversal vulnerability and a vulnerability that allows attackers to view arbitrary files. An attacker can exploit these issues to obtain sensitive information that may lead to other attacks.
RealNetworks RealPlayer is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted files. Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.
Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues using directory-traversal strings ('../') to download arbitrary files with the privileges of the server process. Information obtained may aid in further attacks.
PJBlog3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CS Whois Lookup is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected software and possibly the computer.
Flat Calendar is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
Mani's Admin Plugin is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.
New5starRating is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Supplying the following to the vulnerable script is sufficient to exploit this issue: Username: admin 'or' 1=1; Password: anything
An attacker with local access could potentially exploit this issue to perform symbolic link attacks to overwrite arbitrary attacker-specified files. This could facilitate a complete compromise of the affected computer.
FreeBSD is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The vulnerability is caused by an error in the 'dbopen()' function when handling memory initialization. This can be exploited to disclose sensitive information from memory.