|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : WLB-2008050004 | ||||||||
 SecurityAlert : None
Credit : decoder SecurityRisk : Low  (About) Remote : No Local : Yes Status : Bug History : [2008-05-25] Started [2008-05-26] Local exploitable has been changed by SecurityReason [2008-05-26] Remote exploitable has been changed by SecurityReason Affected software : xt:Commerce shop software Text : Hello, I've found a suspicious behavior of the xt:Commerce shop software (only verified in their demo shop). When entering "<>>" as a search query in the Quick Purchase field at the left side of the shop, I get: Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 8388611 bytes) in /is/htdocs/wp1052946_X4Y7B4PF21/www/includes/classes/class.inputfilter.php on line 136 This looks very much like a problem in the input filter that causes too much memory to be allocated (and that could of course be used for DoS) Unfortunately, the source code is not available freely, so I cannot investigate this further. If anyone has the source code available, feel free to check out the specific region in the input filter. I informed the company but they closed my ticket without any response, and even after I reopened it, there hasn't been any feedback for almost 2 weeks now. Best regards, Christian Holler If you want change this note, please use UCP
|
||||||||
| Alert | ||
Microsoft VISTA TCP/IP stack buffer overflow
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP |
||
- 2008-11-27| Copyright © SecurityReason. All Rights Reserved. |