allow users to input dynamic checklists into nodes. These checklists can
then be checked or unchecked with state tracked via AJAX calls to pages
that store the state in the database. Due to poor input validation on
the AJAX handling pages, this module is vulnerable to SQL injection
attacks. Depending on configuration, these attacks could be carried out
by remote unauthenticated users. Due to its data-driven design, SQL
injection attacks pose a critical threat to Drupal installations and
their hosts and could lead to full control over the webserver process.
The critical flaw exists within the ajax_checklist_save() function
(lines 61-84 of ajax_checklist.module). This function accepts three
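To illustrate the class of flaw described above, here is an added example (not the ajax_checklist module's own code, and not a reconstruction of it) showing a hypothetical Drupal 6 AJAX save handler in the vulnerable shape beside a hardened one. The function names, the `{example_checklist}` table and the `nid`/`item`/`checked` request parameters are assumptions; the fix relies on Drupal 6's `db_query()` placeholders (`%d`, `%s`) for escaping and on the node access API for authorisation.

```php
<?php
// Added example, not the ajax_checklist module's code: a hypothetical Drupal 6
// AJAX handler that records whether a checklist item on a node is ticked.
// Table name {example_checklist} and the request parameters are assumed.

// VULNERABLE pattern: request values are concatenated straight into SQL,
// so any of them can change the structure of the query, not just its data.
function example_checklist_save_vulnerable() {
  $nid     = $_POST['nid'];
  $item    = $_POST['item'];
  $checked = $_POST['checked'];
  db_query("UPDATE {example_checklist} SET checked = $checked "
         . "WHERE nid = $nid AND item = '$item'");
  drupal_json(array('status' => 'ok'));
}

// HARDENED pattern: coerce every value to its expected type, check that the
// caller may update the node, and let db_query() escape the values through
// its %d / %s placeholders so they can only ever be treated as data.
function example_checklist_save_hardened() {
  $nid     = isset($_POST['nid']) ? (int) $_POST['nid'] : 0;
  $item    = isset($_POST['item']) ? (string) $_POST['item'] : '';
  $checked = !empty($_POST['checked']) ? 1 : 0;

  // Reject unauthenticated or unauthorised callers instead of trusting the
  // request: the AJAX endpoint must enforce the same access rules as the node.
  $node = $nid > 0 ? node_load($nid) : FALSE;
  if (!$node || !node_access('update', $node)) {
    drupal_access_denied();
    return;
  }

  db_query("UPDATE {example_checklist} SET checked = %d "
         . "WHERE nid = %d AND item = '%s'", $checked, $nid, $item);
  drupal_json(array('status' => 'ok'));
}
```

The hardened handler addresses both problems the advisory names: the placeholder form removes the injection, and the access check closes the "remote unauthenticated" path by refusing requests for nodes the caller may not edit.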
Overview:
Lotus Domino is a client/server product designed for collaborative
working environments. Domino is designed for e-mail, scheduling,
instant messaging and data driven applications.
There exists a vulnerability in the way memory-mapped files are
used under Windows. As a result, if the Lotus Notes Client is used
in a Microsoft Terminal Services or Citrix environment, users can
read each other's Lotus Notes session data