Foxit Reader is prone to a remote code-execution vulnerability because is fails to properly handle certain COM objects. An attacker can exploit this issue by supplying a malicious PDF file or webpage. Successful exploits may allow the attacker to execute arbitrary code in the context of a user running the affected application. Failed attempts will likely result in denial-of-service conditions.
BibTeX is prone to a memory-corruption vulnerability because it fails to properly handle excessively large '.bib' files. Remote attackers may leverage this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute code, but this has not been confirmed.
TEKUVA Password Reminder is a password vault that allows users to store all their credentials in one spot and all they have to remember is a single 'main' password to access their vault. Unfortunately, the vault is actually an Access 2007 database that is protected by a password which is hard coded into the program, not the main password. This script connects to the database using the hard coded db password and dumps everything into an HTML table, bypassing the need to enter the main vault password (or use the program at all for that matter).
A SQL injection vulnerability exists in the Joomla Component Com_Joomclip (cat) which allows an attacker to execute arbitrary SQL commands on the vulnerable system. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable system. The vulnerable parameter is ‘cat’ which is used in the ‘view=thumbs’ parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable system. The vulnerable parameter is ‘cat’ which is used in the ‘view=thumbs’ parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable system.
The main problem exist in dtoa implementation. Opera has a very similar dtoa algorithm to the BSD, Chrome and Mozilla products. It is the same issue like SREASONRES:20090625. A Proof of Concept (PoC) can be created to cause Opera to crash. If a PoC is used with Opera to see this PoC, Opera will crash.
K-Meleon is an extremely fast, customizable, lightweight web browser based on the Gecko layout engine developed by Mozilla which is also used by Firefox. K-Meleon is free, open source software released under the GNU General Public License and is designed specifically for Microsoft Windows (Win32) operating systems. The main problem exist in dtoa implementation. K-Meleon has the same dtoa as a KDE, Opera and all BSD systems. This issue has been fixed in Firefox 3.5.4 and fix http://securityreason.com/achievement_securityalert/63 but fix for SREASONRES:20090625, used by openbsd was not good. More information about fix for openbsd and similars SREASONRES:20091030, http://securityreason.com/achievement_securityalert/69. We can create any number of float, which will overwrite the memory. In Kmax has defined 15. Functions in dtoa, don't checks Kmax limit, and it is possible to call 16<= elements of freelist array. Officialy SREASONRES:20090625 has been detected i K-Meleon 1.5.3.
The main problem exist in dtoa implementation. SeaMonkey has the same dtoa as a KDE, Opera and all BSD systems. This issue has been fixed in Firefox 3.5.4 and fix http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=jsdtoa.c&branch=&root=/cvsroot&subdir=mozilla/js/src&command=DIFF_FRAMESET&rev1=3.41&rev2=3.42 has been used to patch SeaMonkey 2.0. This flaw has been detected in may 2009 and signed SREASONRES:20090625. http://securityreason.com/achievement_securityalert/63 but fix for SREASONRES:20090625, used by openbsd was not good. More information about fix for openbsd and similars SREASONRES:20091030, http://securityreason.com/achievement_securityalert/69 We can create any number of float, which will overwrite the memory. In Kmax has defined 15. Functions in dtoa, don't checks Kmax limit, and it is possible to overwrite the memory.
KDELibs is a collection of libraries built on top of Qt that provides frameworks and functionality for developers of KDE-compatible software. The KDELibs libraries are licensed under LGPL. The main problem exist in dtoa implementation. KDE has a very similar dtoa algorithm to the BSD, Chrome and Mozilla products. Problem exist in dtoa.cpp file and it is the same like SREASONRES:20090625. We can create any number of float, which will overwrite the memory. In Kmax has defined 15. Functions in dtoa, don't checks Kmax limit, and it is possible to call 16<= elements of freelist array.
Some 2wire modems are vulnerable to a remote denial of service attack. By requesting a special url from the Remote Management interface, an unathenticated user can remotely reboot the complete device.
When adding a comment for any blog entry, it is possible to add a Persistent XSS payload in 'Name' & 'Email' parameters due to improper sanitization of the user inputs. This application is vulenrable to CSRF which changes the password of an authenticated user. This is applicable to Admin as well. It is possible to edit/delete comments without proper authorization.