In-portal 5.0.3 is vulnerable to a remote arbitrary file upload vulnerability. This vulnerability exists due to insufficient validation of user-supplied input in the 'FileUpload' function of the 'commands.php' script. An attacker can exploit this vulnerability to upload arbitrary files to the web server, which can lead to remote code execution. The vulnerable code is located in the 'path/core/editor/editor/filemanager/connectors/php/config.php' and 'path/core/editor/editor/filemanager/connectors/php/commands.php' scripts.
AJ Shopping Cart v1.0 is vulnerable to SQL injection in the 'maincatid' parameter. An attacker can exploit this by supplying a malicious SQL fragment as the value of 'maincatid', which can be used to gain access to the admin panel.
AJ Matrix DNA is the world's leading MLM software solution for all MLM and affiliate programs. It is vulnerable to multiple SQL injection attacks, which can be exploited to extract sensitive information from the database. The exploit involves sending malicious SQL queries through the vulnerable 'id' parameter in the URL; an attacker can use the UNION operator to combine the results of two or more SELECT statements into a single result set.
Multiple XSS possibilities on multiple parameters, e.g. when creating an ecard: index.php?mode=select&category=XX&card[image]=XX&card[sender_name]=~XSS~&card[sender_email]=XX&card[recip_name]=~XSS~&card[recip_email]=XX&card[stamp]=XX&card[bg]=%23B8C2C9&card[font_color]=%23A2ABB1&card[category]=XX&PHPSESSID=XX
A denial-of-service vulnerability exists in Mobile Safari on the Apple iPhone 3.1.2 (7D11), Model MB702LL, due to a stack exhaustion issue. An attacker can exploit this vulnerability by delivering a specially crafted HTML page to the target device, which causes the device to crash and become unresponsive.
The 'WWW-Authenticate' header for BASIC and DIGEST authentication includes a realm name. If a <realm-name> element is specified for the application in web.xml, it is used. However, if no <realm-name> is specified, Tomcat generates one using the code snippet: request.getServerName() + ':' + request.getServerPort(). In some circumstances this can expose the local hostname or IP address of the machine running Tomcat.
Input passed via the 'export_item_id' parameter to the 'templates_export.php' script is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
In Win32k.sys, when DispatchMessage finally calls xxxDefWindowProc, that function handles certain messages by dispatching through the gapfnScSendMessage function table. On Windows 2000/XP/2003, message number 0x4c is handled by SfnINSTRING. When lParam is non-empty, this function treats lParam directly as a memory pointer and reads data from that address. Although the function is protected by SEH, passing an invalid kernel address still causes a system BSOD.
In Win32k.sys, when DispatchMessage finally calls xxxDefWindowProc, that function handles certain messages by dispatching through the gapfnScSendMessage function table. On Windows 2000/XP/2003, message number 0x4c is also handled by SfnLOGONNOTIFY. When wParam == 4, 12 or 13, this function reads data directly from the address in lParam. Although the function is protected by SEH, passing a wrong kernel address still leads to a BSOD.
The main problem is in the tls1_mac() function in ssl/t1_enc.c. It dereferences ssl->d1, which is a NULL pointer unless the session was created by dtls1_new() in ssl/d1_lib.c, since d1 is only initialized there. So if SSLv23_server_method() or TLSv1_server_method() is used, this variable is NULL. If the patch (see http://openssl.org/news/secadv_20100324.txt) is not applied, it is possible to set the version to DTLS1_BAD_VER (0x100) or DTLS_VERSION (0xfeff) and transmit the packet to the server or client to trigger the vulnerability.