A user does not need to connect to the server over the TCP port to have UDP-based audio streams handled. The attacker requires knowledge of the user IDs connected to a target channel. An audio stream transmitted to an affected server can be heard by all connected users without server administrator control.
The Roger Wilco Server is prone to a remote denial of service vulnerability. This vulnerability occurs due to a flaw in handling malicious UDP payloads. An attacker can exploit this vulnerability by sending malicious UDP payloads to the vulnerable server, causing it to deny service to legitimate users.
cdp is prone to a buffer overflow vulnerability that may allow an attacker to cause a denial of service condition in the software. The issue exists due to insufficient boundary checks performed by the printTOC() function. The buffer overflow condition may occur when a song with a track name exceeding 200 bytes is accessed via the application. If an attacker is able to overwrite sensitive memory locations, it may be possible to execute arbitrary instructions in the context of the user running cdp.
The CactuShop application fails to properly sanitize user-supplied URI input, allowing remote attackers to inject malicious HTML and script code. This can lead to various attacks, including theft of authentication credentials.
The vulnerability allows a remote attacker to manipulate database queries and potentially view or modify sensitive information. It can also lead to the disclosure of the administrator password hash.
The LINBOX web-based administration scripts can be accessed without proper authorization, allowing unauthorized users to gain access to the administration interface.
MPlayer is prone to a remote HTTP header buffer overflow vulnerability. This issue occurs due to a failure of the application to properly verify buffer bounds on the 'Location' HTTP header during parsing. Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system within the security context of the user running the vulnerable process.
Interchange is prone to a remote information disclosure vulnerability that allows attackers to disclose contents of arbitrary variables via URI requests. This vulnerability can be exploited by sending a crafted request to the affected application.
The WebCT Campus Edition is prone to an HTML injection vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in the browser of an unsuspecting user. A malicious user could supply malicious HTML or script code to the application via the @import url() function of Microsoft Internet Explorer when posting a message on a forum, which would then be rendered in the browser of an unsuspecting user whenever the malicious message is viewed.
Systrace is prone to a vulnerability that may permit an application to completely bypass a Systrace policy. This issue occurs due to insufficient sanity checks while handling a traced process with ptrace.