FreeBSD FPU x87 Register Information Disclosure
FreeBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the Floating Point Units (FPUs) of the affected processor types do not save and restore the FOP, FID and FPD registers when certain instructions are executed. As a result, FreeBSD does not clear these registers either. When a context switch occurs, a user can potentially read these uncleared registers which could disclose floating point information, resulting in a loss of confidentiality.. Read more.
NetBSD sysctl() Memory Exhaustion Local DoS
NetBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user causes a system lockup by allocating all available physical memory to a user supplied buffer where results of the sysctl(3) call are stored, and will result in loss of availability for the platform.. Read more.
NetBSD elf_load_file() Malformed ELF Interpreter Local DoS
NetBSD contains a flaw that may allow a local denial of service. The issue is triggered when the elf_load_file() function dereferences a NULL pointer. The NULL pointer dereference occurs when a malicious user creates an elf interpreter that lacks a PT_LOAD section in its header. This will result in loss of availability for the platform.. Read more.
bsdgames sail Username Local Overflow
A local overflow exists in sail of bsdgames. The game fails to validate the size of input into the 'buf' variable, resulting in a buffer overflow. With a specially crafted request, an attacker can obtain the privileges of the games group, resulting in a loss of integrity.. Read more.
Bloggage check_login.asp Multiple Variable SQL Injection
Bloggage contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the check_login.asp script not properly sanitizing user-supplied input to the 'acc_name' and 'password' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.
phpLDAPadmin template_engine.php Multiple Variable XSS
phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Container DN', 'Machine Name', or 'UID Number' fields as well as the 'dn' variable upon submission to the template_engine.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.
phpLDAPadmin search.php scope Variable XSS
phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'scope' variable upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.
phpLDAPadmin rename_form.php dn Variable XSS
phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'dn' variable upon submission to the rename_form.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.
phpLDAPadmin delete_form.php dn Variable XSS
phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'dn' variable upon submission to the delete_form.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.
phpLDAPadmin copy_form.php dn Variable XSS
phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'dn' variable upon submission to the copy_form.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.
Vuln: CrossFire Denial Of Service Vulnerability
CrossFire Denial Of Service Vulnerability. Read more.
Vuln: VWar Admin.PHP Remote File Include Vulnerability
VWar Admin.PHP Remote File Include Vulnerability. Read more.
Vuln: XZGV Image Viewer JPEG File Remote Heap Buffer Overflow Vulnerability
XZGV Image Viewer JPEG File Remote Heap Buffer Overflow Vulnerability
. Read more.
