In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.

SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter.