The Novell Client ActiveX control is prone to a remote denial-of-service vulnerability because of an unspecified error. A successful attack allows a remote attacker to crash an application that is using the ActiveX control (typically Internet Explorer), denying further service to legitimate users.
Live For Speed S2 is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker could exploit this issue to restart races on vulnerable servers, resulting in a denial-of-service condition.
Computer Associates SiteMinder is prone to a security-bypass vulnerability because it fails to properly validate user-supplied input. An attacker can exploit this issue to bypass cross-site scripting protections. Successful exploits can aid in further attacks.
Adobe Flex SDK is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to express-install template files. An attacker could exploit this vulnerability to execute arbitrary script code in the context of a web application built using the SDK. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The NetGear WNR2000 is prone to multiple remote information-disclosure issues because it fails to restrict access to sensitive information. A remote attacker can exploit these issues to obtain sensitive information, possibly aiding in further attacks. Information obtained in attacks may be used in exploits targeting the vulnerability covered in BID 36094 (NetGear WNR2000 'upg_restore.cgi' Authentication Bypass Vulnerability).
A denial of service condition can be reached by specifying an invalid value for the Authorization HTTP header. When ntop recieves this, it attempts to base64 decode the value then split it based on a colon. When no colon exists in the decoded string the username is left at its default NULL value. During the authentication process the length of the username is computed via strlen(), which results in a segmentation fault when it processes the null value.
Source Engine is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.
DUgallery is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to gain unauthorized administrative access to the affected application. Successfully exploiting this issue will lead to other attacks.
Adobe ColdFusion is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Discuz! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Services By CQR