The VPN service daemon in Apple Mac OS X is prone to a format-string vulnerability. It fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. Attackers can exploit this vulnerability to crash the application or execute arbitrary code with superuser privileges, potentially leading to a complete compromise of vulnerable computers.
The DGNews application is vulnerable to SQL injection due to inadequate sanitization of user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The DGNews application is prone to a cross-site scripting vulnerability. Exploiting this vulnerability allows an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. This can lead to the theft of cookie-based authentication credentials and enable the attacker to launch further attacks.
Mutt is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.An attacker can exploit this issue to execute arbitrary code with the with the privileges of the victim. Failed exploit attempts will result in a denial of service.# USERNAME=$(perl -e 'print "a" x 31')# useradd -c '&&&&&&&&& your-favourite-ascii-shellcode-here' $USERNAME# echo alias billg $USERNAME >~/.muttrc# mutt billg# Segmentation fault (core dumped)
FlashChat is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. Other attacks are also possible.
The OpenOffice 'Writer' component is prone to a remote denial-of-service vulnerability. Successful exploits may allow remote attackers to cause denial-of-service conditions on the webserver running the affected application.
The vulnerability allows an attacker to perform cross-site scripting attacks by injecting malicious code into the affected website. This can lead to the theft of authentication credentials and other potential attacks.
Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
Digirez is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
Services By CQR