The vulnerability is caused by a NULL-pointer dereference in PHP. An attacker can exploit this issue by using a proof-of-concept such as the 'grapheme_extract' function with a negative value, causing an application written in PHP to crash and deny service to legitimate users.
The GetSimple CMS is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
The vulnerability allows attackers to inject arbitrary content into the 'X-Forwarded-For', 'X-Forwarded-Host' and 'X-Forwarded-Server' HTTP headers because the 'WEBrick::HTTPRequest' module fails to sufficiently sanitize input. By inserting arbitrary data into the affected HTTP header field, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTML-injection, and other attacks.
After sending a crafted INVITE/CANCE or any message with a "WWW-Authenticate" where the "Digest domain" is crafted the device freezes provoking a DoS. A remote individual can remotely crash and perform a Denial of Service(DoS) attack in all the services provided by the software by sending one crafted SIP INVITE message. This is conceptually similar to the "ping of death".
MG2 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Dokeos is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The TP-Link WR740N Wireless N Router network device is exposed to a denial of service vulnerability when processing a HTTP GET request. This issue occurs when the web server (httpd) fails to handle a HTTP GET request over a given default TCP port 80. Resending the value 'new' to the 'isNew' parameter in 'PingIframeRpm.htm' script to the router thru a proxy will crash its httpd service denying the legitimate users access to the admin control panel management interface. To bring back the http srv and the admin UI, a user must physically reboot the router.
The Active Link Engine script is vulnerable to a remote SQL injection attack. An attacker can manipulate the 'catid' parameter to inject malicious SQL code and retrieve sensitive information from the database. The attacker can also bypass authentication and gain unauthorized access to the admin panel.
The CAPTCHA module in Drupal is prone to a security-bypass vulnerability that occurs in the CAPTCHA authentication routine. Successful exploits may allow attackers to bypass the CAPTCHA-based authentication routine, allowing attackers to perform brute-force attacks.
The vulnerability allows remote attackers to include arbitrary files via a parameter in the module.php menu parameter.
Services By CQR
