PHP Advanced Transfer Manager is prone to a vulnerability regarding the uploading of arbitrary files. If successfully exploited, an attacker can execute arbitrary script code on a vulnerable server. This can lead to unauthorized access in the context of the affected server. An attacker can create a file with a .ns extension, containing malicious code, and upload it to the vulnerable server. The attacker can then access the file and execute the malicious code.
Video Cam Server fails to control access to the administrative interface, allowing an attacker to gain access to the administrative interface without authentication.
Microsoft Windows Explorer is prone to a script injection vulnerability. This occurs when the Windows Explorer preview pane (Web View) is enabled on Windows 2000 computers. Windows 98/98SE/ME are also affected by this issue. If a file with malicious attributes is selected using Explorer, script code contained in the attribute fields may be executed with the privilege level of the user that invoked Explorer. This could be exploited to gain unauthorized access to the vulnerable computer in the context of the currently logged in user.
A remote SQL injection vulnerability affects the datenbank module for phpbb. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft sensitive information, potentially including authentication credentials, and data corruption.
A race condition vulnerability has been reported in Libsafe 2.0-16 that may allow Libsafe security failsafe mechanisms to be bypassed. This is due to a race condition that may be exposed when Libsafe is used with multi-threaded applications. The result is that Libsafe security features may be bypassed and an attack that would ordinarily be prevented may succeed.
phpBB2 Plus is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Active Auction House is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
nwprint that is distributed with SCO OpenServer is prone to a local buffer overflow vulnerability. This issue arises because the application fails to perform boundary checks prior to copying user-supplied data into sensitive process buffers. A local attacker can gain elevated privileges (lp user) by exploiting this issue.
The Linux kernel is reported prone to multiple vulnerabilities that occur because of range-checking flaws present in the ISO9660 handling routines. An attacker may exploit these issues to trigger kernel-based memory corruption. Ultimately, the attacker may be able to execute arbitrary malicious code with ring-zero privileges. These vulnerabilities are reported to be present in the ISO9660 filesystem handler including Rock Ridge and Juliet extensions for the Linux kernel up to and including version 2.6.11.
A remote buffer overflow vulnerability affects JoWood Chaser. This issue is due to a failure of the application to securely copy user-supplied input into finite process buffers. An attacker may leverage this issue to execute arbitrary code in affected clients or trigger a denial of service condition in affected servers.
Services By CQR