A SQL injection vulnerability exists in the 'freesearch.php' script, which allows an attacker to inject malicious SQL queries into the application. The attacker can use this vulnerability to gain access to sensitive information stored in the database.
Weborf HTTP Server can't handle unicode characters in 'Connection: ' general header-field leading to a Denial-of-Service flaw. An exploit is written in Perl which sends a request with a malicious 'Connection: ' header-field containing four unicode characters.
An issue was discovered with the OpenEMR standard installation. There exists a persistent cross-site scripting (XSS) attack vector, in which a patient may be maliciously named in a way that will send session data to a third party web host.
Novell iManager is prone to a stack-based buffer overflow vulnerability that can be exploited by authenticated users to execute arbitrary code, and to an off-by-one error that can be abused by remote, unauthenticated attackers to cause a Denial of Service to the application.
A vulnerability exists in 2daybiz Freelance script, which allows an attacker to inject malicious SQL commands into the 'pid' parameter of the 'project_details.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can be used to bypass authentication and gain access to the application.
A vulnerability exists in 2daybiz matrimonial script which allows an attacker to inject malicious SQL commands into a vulnerable web application. By exploiting this vulnerability, an attacker can gain access to the database and execute arbitrary SQL commands. The vulnerable parameter is the 'id' parameter in the customprofile.php file. An attacker can inject malicious SQL commands into the 'id' parameter and gain access to the database.
A vulnerability exists in the Custom Business Card script, which allows an attacker to inject arbitrary SQL commands. By sending a specially crafted SQL query to the vulnerable script, an attacker can gain access to the application database and potentially compromise the application and all its data.
This vulnerability allows an attacker to inject malicious SQL queries into the vulnerable web application. The attacker can use this vulnerability to gain access to the database and modify, delete or extract data from the database.
InterScan Web Security Virtual Appliance has a shell called “uihelper” that has suid bit on. So it could be possible to execute commands as root. Also using the vulnerability “Arbitrary File Upload” remote commands could be run as root.
mountnfs() employs an insufficient input validation method for copying data passed in the struct nfs_args from userspace to kernel. Specifically, the file handle to be mounted (nfs_args.fh) and its size (nfs_args.fhsize) are completely user-controllable. This can cause a kernel heap overflow when argp->fh is bigger than 128 bytes (the size of nmp->nm_fh) since nmp is an allocated item on the UMA zone nfsmount_zone.
Services By CQR