phpMyAdmin is prone to multiple remote vulnerabilities that allow remote attackers to execute arbitrary commands and disclose files on a vulnerable computer. These vulnerabilities are caused by insufficient sanitization of user-supplied data.
The GameSpy SDK is prone to a buffer overflow vulnerability in its CD-key validation functionality. This vulnerability occurs due to a failure of the SDK to properly check the length of user-supplied network data before copying it to a fixed-sized memory buffer. Exploiting this vulnerability may allow attackers to execute arbitrary machine code within the context of the affected GameSpy developed game.
The vulnerabilities in GNU wget allow attackers to perform directory traversal, arbitrary file overwriting, and execute malicious code by not properly sanitizing user-supplied input and validating file presence before writing to them. An attacker can exploit these issues to overwrite files within the current directory and potentially outside of it, leading to file corruption, denial of service, and further attacks against the affected computer. The vulnerabilities can be exploited by a malicious server.
PhpGedView is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user-supplied URI input. A remote attacker can create a malicious URI link that includes hostile HTML and script code. If the link is followed, the hostile code may be rendered in the victim user's web browser, potentially allowing for theft of authentication credentials or other attacks.
The Kerio Personal Firewall (KPF) driver does not properly sanitize API parameters, leading to a denial of service vulnerability. When certain parameter data is handled by the KPF API hook, it triggers an exception and causes a crash in the Windows kernel, resulting in a system-wide denial of service. An attacker can exploit this vulnerability to disrupt the services and deny access to legitimate users.
A remote URI obfuscation vulnerability has been found in Internet Explorer's search pane functionality. This issue is due to a failure of the application to present the URI address of HTML and script code loaded into the search pane. An attacker can exploit this vulnerability to display misleading information in the address bar of the browser, making it seem like the web page is from a trusted location. This can be used to facilitate phishing attacks and other types of attacks.
The MD5 algorithm is prone to a hash collision weakness, allowing attackers to create multiple input sources that result in the same output fingerprint. This can be exploited to substitute a malicious file for an innocent one, potentially leading to the execution of malicious code or breaking non-repudiation properties of messages.
WebLibs is prone to a remote directory traversal vulnerability. This issue is due to a failure of the application to properly filter user-supplied input.
The vulnerability is caused by the server's inability to handle malformed requests. An attacker can exploit this by sending a specially crafted request to the server, causing it to crash and denying service to legitimate users.
A cross-site scripting vulnerability exists in Blog Torrent due to improper sanitization of user-supplied URI input. An attacker can create a malicious URI link containing hostile HTML and script code, which, if followed by a victim user, can result in the execution of the malicious code in the user's web browser. This can lead to theft of authentication credentials and other attacks.
Services By CQR
