aj fork software vulnerabilities
vulnerabilities.aspcode.net
Searching aj fork software vulnerabilities
The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.php, (6) disable-all-comments.php, (7) easy-date-format.php, (8) enable-disable-comments.php, (9) filter-by-author.php, (10) format-switcher.php, (11) long-to-short.php, (12) prospective-posting.php, or (13) sort-by-xfield.php, which displays the full path in an error message.
AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request.
The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator.
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent.
Multiple directory traversal vulnerabilities in @lex Guestbook 4.0.2 and earlier allow remote attackers to (1) include and execute arbitrary local files via a relative pathname in the lang parameter to index.php, which is handled in livre_include.php, and (2) possibly access arbitrary directories via the aj_skin and skin_edit parameters to admin/skins.php.
SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.
SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.
SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
Software vulnerabilities results 1 to 13 of 13