This vulnerability occurs when a pointer is freed and then used again, leading to a segmentation fault. In this case, the jpg file attached causes an invalid pointer to be freed when media scanning occurs. The backtrace shows that the je_free() function is called from the libc.so library, followed by the free() function, and then the WINKJ_DeleteDeCompress() function from the libQjpeg.so library.
The WordPress plugin WP User Frontend suffers from an unrestricted file upload vulnerability. An attacker can exploit the wpuf_file_upload or wpuf_insert_image actions to upload any file that passes the WordPress MIME and size checks. The attack does not require any privilege to be performed. The mentioned actions are also available to non-privileged users, thus allowing anyone to upload files to the web server.
User Meta Manager for WordPress plugin up to v3.4.6 suffers from an information disclosure vulnerability. Any registered user can perform a series of AJAX requests in order to get all contents of the `usermeta` DB table. The `usermeta` table holds additional information for all registered users. The User Meta Manager plugin offers a `usermeta` table backup functionality. During the backup process the plugin takes no action to prevent the table contents from leaking to unauthorized (non-admin) users.
Solr is an open source enterprise search platform built on Apache Lucene. It can be used for natural language processing, data research, data mining, and some mobile backends on virtual private servers. An attacker can delete all data in Solr by using a GET request with a delete query and a commit parameter set to true. This can be tested by sending a GET request to the server with the URL http://server:8080/solr/lambeth_planning/select/?q=*%3A*&version=2.2&start=0&rows=10&indent=on and then sending a GET request with the URL http://server:8080/solr/lambeth_locations/update?stream.body=<delete><query>*:*<%2Fquery><%2Fdelete>&commit=true. After this, the first query can be used to verify that all data has been deleted.
Symphony CMS 2.6.3 is vulnerable to multiple SQL injection vulnerabilities. These vulnerabilities can be exploited by remote attackers to gain access to sensitive information stored in the database. An attacker can exploit these vulnerabilities by sending specially crafted requests to the vulnerable application. The vulnerable parameters are 'fields[username]', 'action[save]' and 'fields[email]' of the '/symphony/system/authors/new/' page.
This bug was found while using the portal authenticated as administrator. To exploit the vulnerability, it is only necessary to use version 1.0 of the HTTP protocol to interact with the application. It is possible to inject SQL code in the variable 'country_blacklist' on the page 'action=spam_filter'.
Netgear's NMS300 is a network management utility that runs on Windows systems. It has two serious vulnerabilities that can be exploited by a remote attacker. The first one is an arbitrary file upload vulnerability that allows an unauthenticated attacker to execute Java code as the SYSTEM user. The second vulnerability is an arbitrary file download that allows an authenticated user to download any file from the host that is running NMS300.
User Meta Manager for WordPress plugin up to v3.4.6 suffers from a privilege escalation vulnerability. A registered user can modify the meta information of any registered user, including their own. In this way the user can modify the `wp_capabilities` meta to escalate the account to a fully privileged administrative account.
AJAX actions `umm_edit_user_meta` and `umm_delete_user_meta` of the User Meta Manager for WordPress plugin up to v3.4.6 are vulnerable to blind SQL injection attacks. A registered user can pass arbitrary MySQL commands to the `umm_user` GET parameter.
D-Link DVG-N5402SP is susceptible to local file inclusion in products with firmware W1000CN-00, W1000CN-03, or W2000EN-00. A remote attacker can read sensitive information via a .. (dot dot) in the errorpage parameter.