The vulnerability occurs when the UFS filesystem handler fails to handle specially crafted DMG images. A successful exploit can cause kernel panic, resulting in a denial-of-service condition.
All In One Control Panel is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Ezboxx is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. The vulnerabilities include an SQL-injection issue, multiple cross-site scripting issues, and a path-disclosure issue. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve sensitive information, access or modify data, or exploit latent vulnerability in the underlying database implementation.
The Oracle ORADC ActiveX control is prone to a remote code-execution vulnerability. Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.
The vulnerability exists in the UFS filesystem handler of Apple Mac OS X. It can be exploited by sending specially crafted DMG images. A successful exploit can result in a denial-of-service condition by causing kernel panic.
WinZip is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it into an insufficiently sized buffer. An attacker may exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code within the context of the affected application, but this has not been confirmed.
Computer Associates BrightStor ARCserve Backup is affected by a remote buffer-overflow vulnerability because the application fails to perform proper bounds-checking on data supplied to the application. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may cause denial-of-service conditions. Successful exploits can lead to a complete compromise of affected computers. This issue affects multiple BrightStor ARCserve Backup application agents and the base product.
phpBB is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
The UFS filesystem handler in Apple Mac OS X fails to handle specially crafted DMG images, leading to a remote integer-overflow vulnerability. A successful exploit can allow a remote attacker to execute arbitrary code with kernel-level privileges, resulting in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.
The iPlanet Web Server is vulnerable to a cross-site scripting (XSS) attack due to inadequate input sanitization. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, within the context of the affected site. This could lead to the theft of cookie-based authentication credentials and enable further attacks.
Services By CQR