Jax Petitionbook is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.
An attacker can exploit a design error in Rixstep Undercover to execute arbitrary code with superuser privileges, completely compromising affected computers. Failed exploit attempts will result in a denial of service.
The 'liens_dynamiques' program is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.
The 'liens_dynamiques' program is prone to a vulnerability that lets attackers bypass security restrictions. An attacker can exploit this issue to gain unauthorized access to the administrative functions of the vulnerable application. Other attacks may also be possible.
Ipswitch WS_FTP 2007 Professional is prone to a local memory-corruption vulnerability. This issue occurs when the 'wsbho2k0.dll' library fails to handle specially crafted arguments. Due to the nature of this issue, an attacker may be able to execute arbitrary machine code in the context of the affected kernel, but this has not been confirmed. Failed exploit attempts result in kernel panics, denying service to legitimate users.
Attackers may exploit this issue by enticing victims into opening a malicious HTML document with an application using the affected framework. Successful exploits will result in denial-of-service conditions.
The 'libgtop2' library is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying into an insufficiently sized memory buffer. An attacker may exploit this issue by enticing victims into viewing a maliciously crafted system process with an application that uses the affected library. Successful exploits may cause arbitrary code to run with the privileges of the victim. Failed exploit attempts will likely cause denial-of-service conditions.
The InstantForum.NET application is prone to multiple cross-site scripting vulnerabilities due to inadequate input sanitization. Attackers can exploit these vulnerabilities to steal cookie-based authentication credentials and launch further attacks.
RealPlayer is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted files. Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users. Arbitrary code execution might be possible, but this is not confirmed.
The vulnerability exists in the way Apple Mac OS X handles a DMG image containing a specially crafted HFS+ filesystem. By exploiting this vulnerability, an attacker can cause a kernel panic, leading to a denial-of-service condition.