Untrusted search path vulnerability in HTTrack 3.43-9 allows local users to gain privileges via a Trojan horse httrack-plugin.dll file in the current working directory, as demonstrated by a directory that contains a .whtt file. NOTE: some of these details are obtained from third party information.

SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.

Unspecified vulnerability in CrawlTrack before 3.2.7, when a public stats page is provided, allows remote attackers to execute arbitrary PHP code via unknown vectors.

Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.42-3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL.

Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter.

The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference.

fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof other users by modifying the username and network information in the message header.

fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client messages, which pops up new windows per message.