PHP Membership Manager is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The 'xine' program is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers.
Apple Software Update is prone to a format-string vulnerability. This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.
Attackers can exploit these issues to consume memory and bandwidth resources, denying service to legitimate users, or to gain information that may aid in further attacks.
Virtual Host Administrator is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Applications using the gtk2 library may be prone to a denial-of-service vulnerability because the library fails to handle malformed image data. An attacker can exploit this issue to crash applications on a victim's computer.
The change-of-permissions functionality was found to be missing a unique token in the form.
This PL/SQL code exploits the Oracle extproc directory traversal bug to remotely execute arbitrary OS commands with the privileges of the DBMS user (the CREATE [ANY] LIBRARY privilege is needed).
The vulnerability exists in Mac OS X QuickDraw due to its failure to handle malformed PICT image files correctly. This can be exploited by remote attackers to corrupt memory and crash the affected software. It may also potentially allow the execution of arbitrary machine code, although this has not been confirmed.
An attacker can exploit this issue to gain administrative access to the embedded webserver running on the affected device. This may allow attackers to completely compromise affected devices.