It has been reported that Vizer Web Server may be prone to a remote denial of service vulnerability that may allow an attacker to cause the affected server to crash, denying service to legitimate users. Vizer Web Server 1.9.1 has been reported to be affected by this issue. An attacker can exploit this vulnerability by sending a specially crafted request such as index.htm without specifying GET and HTTP, GET /aaaaaa[ 250 of a ]aaa HTTP/1.1 specifying GET and HTTP, GET /aaaaaa[ 250 of a ]aaa specifying only GET, or GET c: specifying only GET.
Multiple vulnerabilities have been identified in the software due to improper sanitization of user-supplied input. Successful exploitation of these issues could allow an attacker to carry out cross-site scripting and SQL injection attacks via the 'id' parameter of 'more.php' script.
It has been reported that YaBB SE may be prone to a SQL injection vulnerability that may allow a remote user to inject arbitrary SQL queries into the database used by the software. An example of such a query is http://www.example.com/yabbse//index.php?board=1;sesc=13a478d8aa161c2231e6d3b36b6d19f2;action=post;threadid=1;title=Post+reply;quote=-12)+UNION+SELECT+passwd,null,null,null,null,null,null,null,null+FROM+yabbse_members+where+ID_MEMBER=1/*
A vulnerability has been reported for RobotFTP Server. The problem likely occurs due to insufficient bounds checking when processing 'USER' command arguments of excessive length.
A vulnerability has been reported for RobotFTP Server. The problem likely occurs due to insufficient bounds checking when processing 'USER' command arguments of excessive length. An attacker can exploit this vulnerability by sending a specially crafted 'USER' command with an argument of excessive length, resulting in a buffer overflow. This may allow the attacker to execute arbitrary code on the vulnerable system.
Freeform Interactive Purge and Purge Jihad game clients have been reported prone to a remotely exploitable buffer overflow condition. The issue presents itself in the client network connection routines used by the client to negotiate a connection to a Purge/Purge Jihad game server. A malicious game server may exploit this condition to potentially corrupt sensitive process memory in the affected game client and ultimately execute arbitrary code with the privileges of the user who invoked the game.
It has been reported that ShopcartCGI is prone to a remote file disclosure vulnerability. This issue is due to insufficient validation of user-supplied input. Upon successful exploitation of this issue an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.
EarlyImpact ProductCart is reportedly prone to multiple vulnerabilities. The specific issues include SQL injection, cross-site scripting and cryptographic weaknesses. These issues could expose sensitive data such as user credentials and allow for execution of hostile script code and HTML. These issues could allow for full compromise of the software.
A remote denial of service vulnerability has been reported to exist in the Send File Request functionality of the XLight FTP server. Due to this issue a remote attacker may be able cause the affected server to crash, denying service to legitimate users. This issue is due to insufficient bounds checking. Upon successful exploitation an attacker may be able to cause the affected server to crash, denying service to legitimate users.
It has been reported that CesarFTP is prone to a remote resource exhaustion vulnerability. This issue is due to the application failing to properly validate user input. Successful exploitation of this issue may cause the affected server to hang, denying service to legitimate users. It has been conjectured that this issue may be due to a boundary management problem that may lead to arbitrary code execution, however this has yet to be verified.
Services By CQR