An attacker may be capable of executing arbitrary script code in the browser of a target user, within the context of a visited web site. This may lead to theft of cookie-based authentication credentials; other attacks are also possible.
The vulnerability allows an unprivileged local user to obtain kernel memory contents and a root user to write to arbitrary regions of kernel memory. The vulnerability is caused by integer handling errors in the proc handler for cpufreq.
The Unreal Tournament Engine is affected by a local file overwrite vulnerability due to the UMOD manifest.ini file. This issue is due to an input validation error that allows a malicious user to specify arbitrary files for writing, potentially leading to a system-wide denial of service condition.
pisg is prone to an input validation vulnerability. The vulnerability occurs when monitoring an IRC server that allows the use of HTML code as a value for the IRC Nickname. This allows an attacker to inject malicious HTML code into the HTML pages generated by pisg.
NewsTraXor is affected by a remote database disclosure vulnerability. The issue is caused by a design error that allows the database file to be globally readable. This vulnerability may allow a remote attacker to gain unauthorized administrative access to the affected web application.
The xine media player and library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error that allows various media resource file configurations to write to arbitrary files. By setting certain configuration parameters and specifying a file of their choosing, an attacker can overwrite the target file on the affected system.
Multiple path disclosure vulnerabilities occur when a user directly requests scripts in the '/includes/blocks/' and 'pnadodb' directories. This issue also affects scripts that are associated with multiple modules. Multiple cross-site scripting vulnerabilities were reported in the Downloads and Web_Links modules as well as the openwindow.php script. These issues may permit remote attackers to cause hostile HTML and script code to be interpreted by a victim user's browser.
Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting, and SQL injection vulnerabilities were reported. Exploitation of these issues may reveal sensitive information, allow for account hijacking, content manipulation, and attacks against the underlying database.
Multiple vulnerabilities were reported in the phProfession module for PostNuke. These vulnerabilities include path disclosure, cross-site scripting, and SQL injection. Exploitation of these vulnerabilities can lead to sensitive information disclosure, account hijacking, content manipulation, and attacks against the underlying database.
A vulnerability in TCP implementations may permit unauthorized remote users to reset TCP sessions. Exploiting this issue may permit remote attackers to more easily approximate TCP sequence numbers. The problem is that affected implementations will accept TCP sequence numbers within a certain range of the expected sequence number for a packet in the session. This will permit a remote attacker to inject a SYN or RST packet into the session, causing it to be reset and effectively allowing denial-of-service attacks. An attacker would exploit this issue by sending a packet to a receiving implementation with an approximated sequence number and a forged source IP and TCP port. A few factors may make an implementation a viable target, such as depending on long-lived TCP connections, having known or easily guessed IP address endpoints, or having known or easily guessed TCP source ports.