This exploit allows an attacker to dump MySQL login information by injecting SQL code into the ig-Calendar application. The exploit works regardless of the magic_quotes_gpc setting.
Tencent QQ is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
The ht://Dig software is vulnerable to a cross-site scripting (XSS) vulnerability. This occurs due to insufficient sanitization of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary HTML or script code in a user's browser session within the context of the affected site. This can lead to the theft of cookie-based authentication credentials and enable the attacker to launch further attacks.
Liferay Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The Autonomy KeyView component is prone to multiple buffer-overflow vulnerabilities. Successfully exploiting these issues could allow an attacker to execute arbitrary code in the context of the user running the application. Multiple applications that incorporate the vulnerable KeyView component are also considered vulnerable to these issues. This exploit creates a malicious file with a specially crafted payload to exploit the buffer overflow vulnerabilities.
Tilde is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Skype is prone to a remote denial-of-service vulnerability because of a NULL-pointer dereference flaw. Successfully exploiting this issue allows remote attackers to crash the application, denying service to legitimate users.
FMDeluxe is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The RealPlayer ActiveX control is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. A remote attacker may exploit this vulnerability by presenting a malicious file to a victim and enticing them to open it with the vulnerable application. Successful exploits can allow attackers to run arbitrary code in the context of the user running an application that uses the control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
SimpleGallery is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Services By CQR