19 Nov 2008
Microsoft Internet Explorer version 6 is reportedly prone to a denial-of-service vulnerability because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers.
This issue is triggered when an attacker convinces a victim user to activate a malicious ActiveX control object.
Remote attackers may exploit this issue to crash Internet Explorer 6, effectively denying service to legitimate users.
A stack-based heap overflow may be possible, and as a result, remote code execution in the context of the user running the affected application may occur. This has not been confirmed.
Securityfocus.com

19 Nov 2008
WorldClient is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
WorldClient HTTP Server and WorldClient DLL 10.0.1 included in MDaemon PRO 10.0.1 for Windows are affected; other versions may also be vulnerable. http://drupal.org/node/207891
Securityfocus.com

19 Nov 2008
Microsoft Windows Vista is prone to a buffer-overflow vulnerability because of insufficient boundary checks.
Local attackers could exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute arbitrary code with SYSTEM-level privileges, but this has not been confirmed.
Windows Vista SP1 is vulnerable to this issue.
Securityfocus.com

19 Nov 2008
PHPCow is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Securityfocus.com

19 Nov 2008
MyTopix is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
MyTopix 1.3.0 is vulnerable; other versions may also be affected.
Securityfocus.com