Feng is prone to multiple remote buffer-overflow and denial-of-service vulnerabilities. Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the server application. Attackers may also crash the application, denying service to legitimate users.
Libnemesi is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library. Failed attacks will cause denial-of-service conditions.
Extended Module Player (xmp) is prone to multiple local buffer-overflow vulnerabilities because it fails to perform adequate boundary checks before copying user-supplied input into an insufficiently sized buffer.These issues occur when the application handles specially crafted OXM and DTT files.Attackers can exploit these issues to execute arbitrary code that could compromise the affected computer. Failed attacks will likely cause denial-of-service conditions.Extended Media Player 2.5.1 is vulnerable; other versions may also be affected.
iPortalX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
iPortalX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
ImgSvr is prone to a remote script-execution vulnerability because it fails to adequately sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Web Sihirbazi is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The Limbo CMS is vulnerable to a cross-site scripting (XSS) attack due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially leading to the theft of authentication credentials and other malicious activities.
The AOL Picture Editor 'YGPPicEdit.dll' ActiveX control is prone to multiple vulnerabilities that attackers can exploit to crash the application. The issues stem from various buffer-overflow conditions. An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious HTML page. Successfully exploiting these issues may allow remote attackers to crash the affected application using the ActiveX control (typically Internet Explorer), denying service to legitimate users. Reports indicate that this issue may not be exploited to execute arbitrary code.
The ZyXEL P-330W 802.11g Secure Wireless Internet Sharing Router is prone to multiple cross-site scripting vulnerabilities and cross-site request-forgery vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The attacker may leverage the cross-site request-forgery issues to perform actions in the context of a device administrator, which can compromise the device.
Services By CQR