Eternal Lines Web Server is reported prone to a remote denial of service vulnerability. It is reported that the issue presents itself when the web service handles 70 or more simultaneous connections from a remote host. A remote attacker may exploit this vulnerability to deny service to legitimate users.
Xoops Incontent module is reported prone to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input. A malicious user could issue a request containing directory traversal strings such as '../' to possibly view files outside the server root directory.
A remote information disclosure issue affects CitrusDB. This issue is due to a design problem that grants unauthorized users the ability to export sensitive data. An attacker may leverage this issue to gain access to sensitive information including credit card data.
Infinite Mobile Delivery Webmail is reportedly affected by a path disclosure vulnerability. This issue could permit a malicious user to expose the root path of the affected application.
ngIRCd is reported prone to a remote buffer overflow vulnerability. This issue presents itself because the application fails to perform proper boundary checks before copying user-supplied data into process buffers. A successful attack may allow the attacker to crash the server or gain unauthorized access to a vulnerable computer.
Multiple cross-site scripting and HTML injection vulnerabilities affect the vulnerable software. The product is also vulnerable to a file creation with arbitrary data vulnerability. Finally it is possible for an authenticated attacker to move and read arbitrary files on an affected computer with the privileges of the affected application. An attacker may leverage these issues to move arbitrary files with the privileges of the affected server, to carry out cross-site scripting and HTML injection attacks and to create a file with arbitrary content. These issues may lead to system wide denial of service as well as other attacks.
Alt-n WebAdmin is reportedly affected by multiple remote vulnerabilities. The application is affected by multiple cross-site scripting issues. An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. The application is reportedly also affected by an access validation vulnerability with regards to user accounts. This issue could permit an attacker to modify various aspects of an existing users account.
It is reported that WebWasher Classic is prone to a weakness that may allow remote attackers to connect to arbitrary ports on a vulnerable computer. This weakness may be combined with other attacks to exploit latent vulnerabilities. An attacker can bypass access controls implemented by the application through this attack.
Magic Winmail Server is reportedly affected by multiple vulnerabilities. There are two distinct directory traversal vulnerabilities in the Webmail interface allowing both arbitrary file downloads and uploads. There is also a HTML injection vulnerability in the Webmail interface that could lead to the theft of the administrator's session cookie. There are several directory traversal vulnerabilities in the IMAP service commands which could permit a malicious user to read arbitrary emails, create or delete arbitrary files on the server and possibly retrieve arbitrary files from the server. Magic Winmail Server's FTP service also reportedly fails to properly verify the IP address supplied by a user in a PORT command.
War FTP Daemon is reported prone to a remote denial of service vulnerability. This issue arises because the application fails to handle exceptional conditions in a proper manner. War FTP Daemon 1.82.00-RC9 is reported prone to this issue. It is likely that previous versions are vulnerable as well.
Services By CQR