NapShare is susceptible to a remote buffer overflow vulnerability due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed-size memory buffer. Attackers running malicious Gnutella servers can exploit this vulnerability to execute arbitrary code in the context of the vulnerable application. Version 1.2 of NapShare is reported susceptible.
PHP4 and PHP5 are reported prone to multiple local and remote vulnerabilities that may lead to code execution within the context of the vulnerable process. The vulnerabilities include a heap-based buffer overflow in the 'pack()' function, a heap-based memory disclosure in the 'unpack()' function, an access control bypass in 'safe_mode_exec_dir', an access control bypass in 'safe_mode', a 'realpath()' path truncation vulnerability, and a memory corruption vulnerability in the 'unserialize()' function.
PHP4 and PHP5 are prone to multiple local and remote vulnerabilities that may lead to code execution within the context of the vulnerable process. The vulnerabilities include a heap-based buffer overflow in the 'pack()' function, a heap-based memory disclosure in the 'unpack()' function, an access control bypass vulnerability in 'safe_mode_exec_dir', an access control bypass vulnerability in 'safe_mode', a 'realpath()' path truncation vulnerability, and a memory corruption vulnerability in the 'unserialize()' function.
A remote, client-side buffer overflow vulnerability affects MPlayer. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
The vulnerability is caused by a lack of proper validation of user-supplied strings before copying them into static process buffers. An attacker can exploit this vulnerability to execute arbitrary code with the privileges of the user who activated the vulnerable application, potentially leading to unauthorized access or privilege escalation.
The Joomla component RSfiles is vulnerable to SQL injection. By manipulating the 'cid' parameter in the URL, an attacker can execute arbitrary SQL queries.
ChBg is prone to a remote buffer overflow vulnerability due to a lack of proper boundary checks when copying user-supplied data into sensitive process buffers. This vulnerability can be exploited by an attacker to gain superuser privileges on a vulnerable computer. The vulnerability can be exploited by crafting a malicious scenario file containing a list of pictures to display. When a user processes this file through ChBg, the attacker's instructions may be executed on the vulnerable computer.
PHPGroupWare is prone to multiple SQL injection and cross-site scripting vulnerabilities due to a failure in input validation. The SQL injection vulnerabilities could allow an attacker to manipulate query logic, leading to unauthorized access or database corruption. The XSS vulnerabilities could enable an attacker to create malicious links with hostile code, potentially leading to theft of authentication credentials or other attacks.
PHPGroupWare contains multiple input validation vulnerabilities including SQL injection and cross-site scripting (XSS) issues. These vulnerabilities are caused by the failure of the application to properly sanitize user-supplied input. The SQL injection vulnerabilities can allow remote attackers to manipulate query logic, potentially leading to unauthorized access to sensitive information or corruption of database data. The XSS vulnerabilities can allow remote attackers to create malicious links that execute hostile HTML and script code, potentially leading to theft of authentication credentials or other attacks.
The vulnerability allows an attacker to misrepresent the status bar in the Apple Safari Web Browser. By creating an HTML form with a legitimate site as the submit value and an attacker-specified site as the action property, the attacker can mislead users into following a link to a malicious site. The same effect can be achieved by embedding the malicious form in a link using the HTML Anchor tag and specifying the legitimate site as the href property.
Services By CQR