SPAMINA Cloud Email Firewall is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information. Information harvested may aid in launching further attacks.
VLC Media Player is prone to a denial-of-service vulnerability. Successful exploits may allow attackers to crash the affected application, denying service to legitimate users. VLC Media Player 1.1.11 is vulnerable; other versions may also be affected. The exploit includes a code update to an eac3 file, which can be found on the Videolan FTP server.
xBoard is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
Apache Libcloud is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks.
The Advanced Dewplayer plugin for WordPress is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.
CMS Afroditi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
AFCommerce is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary script code in the context of the web server process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
WordPress is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible.
JForum is prone to a cross-site request-forgery vulnerability because the application does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible.
Hancom Office is prone to a remote heap-based buffer-overflow vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious '.hml' document file. Successful exploits will result in the execution of arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.