8 sep 2008
VLC media player is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
VLC media player 0.8.6i is vulnerable; other versions may also be affected.
Securityfocus.com

8 sep 2008
Multiple Vastal I-Tech products are prone to multiple SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.
A successful exploit may allow an attacker to compromise one of the applications, access or modify data, or exploit latent vulnerabilities in the underlying database.
The following products are affected:
Share Zone Toner Cart Visa Zone Software Zone Jobs Zone MMORPG Mag Zone Freelance Zone Cosmetics Zone DVD Zone
Securityfocus.com

8 sep 2008
Xastir creates temporary files in an insecure manner.
An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
Securityfocus.com

8 sep 2008
EsFaq is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
EsFaq 2.0 is affected; other versions may also be vulnerable.
Securityfocus.com

8 sep 2008
Google Chrome is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted HTML 'img' tags.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
Google Chrome 0.2.149.27 is vulnerable; other versions may also be affected.
Securityfocus.com