Herberlin BremsServer is prone to a directory-traversal vulnerability. An attacker may exploit this issue to gain access to files residing outside the web server root directory of the affected system. This issue exists due to a failure to validate user-specified URI input.
A vulnerability has been reported in mIRC that may allow a remote attacker to crash a vulnerable mIRC client. It has been reported that the issue will present itself only in certain circumstances. Although unconfirmed, due to the nature of this vulnerability it has been conjectured that a remote attacker may potentially leverage this issue to have arbitrary code executed in the context of the affected mIRC client.
BremsServer is vulnerable to Cross-Site Scripting (XSS) attacks due to the server failing to check or filter user strings that are sent to the server. An attacker can exploit this vulnerability by creating a link that includes embedded malicious HTML and script code and enticing a user to follow it.
It has been reported that Gallery is prone to a vulnerability that may allow a remote attacker to gain unauthorized access by overwriting various values for global variables. The issue occurs due to improper simulation of the behaviour of register_globals when the register_globals setting is disabled. It has been reported that register_globals functionality is simulated by extracting the values of the various $HTTP_ global variables into the global namespace. Due to improper sanitization of user-supplied data, an attacker may be able to overwrite the value of 'HTTP_POST_VARS' via the register_globals simulation. Arbitrary PHP files may be included via the 'GALLERY_BASEDIR' parameter.
IBM Net.Data is prone to cross-site scripting attacks via error message output. This may permit a remote attacker to create a link to a system hosting the software that includes embedded HTML and script code. This hostile code may be rendered in the web browser of a user who follows the malicious link. Exploitation could permit theft of cookie-based authentication credentials or other attacks.
A vulnerability in Borland Web Server for Corel Paradox has been reported that may allow a remote attacker to view files residing outside of the web server root directory on the affected system. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences such as '%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini' and '..................../autoexec.bat' to the affected server.
TinyServer is prone to multiple vulnerabilities, including a directory traversal issue that could allow a remote user to view or download any file to which the server has access, a denial of service issue due to the failure of the server to check input strings received, and a cross-site scripting issue that could allow for theft of cookie-based authentication credentials or other attacks.
Oracle HTTP Server is reportedly prone to a cross-site scripting issue. This could permit a remote attacker to create a malicious link to the web server that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the web server and may allow for theft of cookie-based authentication credentials or other attacks.
RhinoSoft Serv-U FTP Server is reportedly prone to a buffer overflow. The issue exists when a 'site chmod' command is issued on a non-existent file. If an excessively long filename is specified for the command, an internal buffer will be overrun, resulting in a failure of the FTP server. Execution of arbitrary code may be possible.
Reptile is vulnerable to a remote denial of service attack due to the server not timing out on incomplete requests. An attacker can exploit this vulnerability by sending incomplete GET requests to the webserver, such as 'GET index.htm' without specifying the HTTP* at the end of the request.