Adaptive Website Framework is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and gain access to the underlying system.
WinSCP is prone to an arbitrary file-access vulnerability. An attacker can exploit this issue to upload arbitrary files to a victim user's computer or to download arbitrary files from the victim's computer in the context of the vulnerable application.
NPDS is prone to multiple input-validation issues, including information-disclosure and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, or steal cookie-based authentication credentials. Local file-inclusion and cross-site scripting vulnerabilities are demonstrated in the examples provided.
A remote attacker can exploit this issue by sending a malicious email message to a vulnerable user. The message contains malicious HTML with embedded JavaScript that executes when the user opens the message. The JavaScript can be used to execute arbitrary code on the vulnerable system.
KAPhotoservice is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
A local attacker can exploit this issue to create processes that cannot be killed in affected operating systems, potentially denying service to legitimate users and other software on affected computers. This may aid the attacker in further attacks.
vsREAL and vSCAL are prone to multiple cross-site scripting vulnerabilities. These issues are due to the applications' failure to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning it to the user. An attacker could exploit this vulnerability to inject hostile HTML and script code into the browser session of other users of the application.
FreeType is prone to a denial-of-service vulnerability. This issue is due to a flaw in the library that causes a NULL-pointer dereference. This issue allows remote attackers to crash applications that use the affected library, denying service to legitimate users.
FreeType is prone to a buffer-overflow vulnerability. This issue is due to an integer underflow that results in a buffer being overrun with attacker-supplied data. This issue allows remote attackers to execute arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts will likely crash applications, denying service to legitimate users.