Poppler is prone to multiple denial-of-service vulnerabilities when handling malformed PDF files. Successfully exploiting this issue allows remote attackers to crash applications that use the vulnerable library, denying service to legitimate users.
ProFTPD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to manipulate SQL queries, modify data, or exploit latent vulnerabilities in the underlying database. This may result in unauthorized access and a compromise of the application; other attacks are also possible.
Banking@Home is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Swann DVR4 SecuraNet is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.
Novell QuickFinder Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Bitrix Site Manager is prone to multiple input-validation vulnerabilities, including an authentication-bypass vulnerability and a cross-site scripting vulnerability. An attacker may leverage these issues to gain unauthorized access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, and steal cookie-based authentication credentials. Other attacks are also possible.
glFusion is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
FotoWeb is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.
PyBlosxom is prone to multiple XML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied XML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
PyCrypto (Python Cryptography Toolkit) is prone to a buffer-overflow vulnerability because it fails to adequately verify user-supplied input. Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable module. Failed attempts may lead to a denial-of-service condition.
Services By CQR