[CLOSE] OSVDB ID : 45110 - Disclosed: 1997-11-01

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 25203 - Disclosed: 2006-05-02

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability.

[CLOSE] OSVDB ID : 25202 - Disclosed: 2006-05-02

Description:

(Description Provided by CVE) : Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter.

[CLOSE] OSVDB ID : 68703 - Disclosed: 2010-10-12

Description:

32bit FTP Client is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted overly long LIST response, a context-dependent attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 54416 - Disclosed: 2009-05-05

Description:

(Description Provided by CVE) : Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 257 reply to a CWD command.

[CLOSE] OSVDB ID : 66808 - Disclosed: 2010-08-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 54584 - Disclosed: 2009-05-05

Description:

(Description Provided by CVE) : Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 227 reply to a PASV command.

[CLOSE] OSVDB ID : 60158 - Disclosed: 2003-02-04

Description:

(Description Provided by CVE) : Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.

[CLOSE] OSVDB ID : 54219 - Disclosed: 2009-05-05

Description:

(Description Provided by CVE) : Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long banner. NOTE: this might overlap CVE-2003-1368.

[CLOSE] OSVDB ID : 26507 - Disclosed: 2006-06-13

Description:

35mm Slide Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the imgdir variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26508 - Disclosed: 2006-06-13

Description:

35mm Slide Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the w, h and t variables upon submission to the popup.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 64349 - Disclosed: 2010-05-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 64348 - Disclosed: 2010-05-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 78591 - Disclosed: 2011-12-14

Description:

360 KouXin Application for Android contains a flaw related that may allow a remote attacker to access and manipulate data relating to a user's SMS or contact list.

[CLOSE] OSVDB ID : 78587 - Disclosed: 2011-12-13

Description:

360 MobileSafe Application for Android contains a flaw related that may allow a remote attacker to access and manipulate data relating to SMS and the contact list.

[CLOSE] OSVDB ID : 64350 - Disclosed: 2010-05-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 64351 - Disclosed: 2010-05-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 62072 - Disclosed: 2010-02-01

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 89360 - Disclosed: 2008-04-25

Description:

By default, 360 Systems Image Server 2000 installs with default user credentials (username/password combination). The 'ADMINISTRATOR' account has a password of '3ware', which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access.

[CLOSE] OSVDB ID : 65354 - Disclosed: 2010-05-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 72110 - Disclosed: 2011-04-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 72109 - Disclosed: 2011-04-15

Description:

360 Web Manager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker accesses the HTML source code of the adm/barra/assetmanager/assetmanager.php script, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 72111 - Disclosed: 2011-04-15

Description:

360 Web Manager contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the adm/barra/assetmanager/assetmanager.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via an unspecified parameter. This directory traversal attack would allow the attacker to list or delete arbitrary files.

[CLOSE] OSVDB ID : 40955 - Disclosed: 2008-01-20

Description:

(Description Provided by CVE) : SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter.

[CLOSE] OSVDB ID : 65355 - Disclosed: 2010-05-25

Description:

360 Web Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the webpages-form-led-edit.php script not properly sanitizing user-supplied input to the 'IDFM' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 81508 - Disclosed: 2012-01-01

Description:

360zip contains a flaw related to file browsing and extraction that may allow a remote attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 91252 - Disclosed: 2013-02-02

Description:

389 Directory Server contains a flaw in the get_ldapmessage_controls_ext() function that may allow a remote denial of service. The issue is triggered when handling LDAP control data. With a specially crafted LDAP control sequence with a zero length, a remote attacker can crash the server.

[CLOSE] OSVDB ID : 83233 - Disclosed: 2012-06-22

Description:

389 Directory Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by LDAP during password change operations, which will disclose unhashed password information to an attacker with access to network traffic between the LDAP server and the user.

[CLOSE] OSVDB ID : 93360 - Disclosed: 2013-03-28

Description:

389 Directory Server contains a flaw in the do_search function in ldap/servers/slapd/search.c that may lead to the unauthorized disclosure of sensitive information. The issue is triggered when handling a specially crafted LDAP search. This may allow a remote attacker to gain access to potentially sensitive information.

[CLOSE] OSVDB ID : 85772 - Disclosed: 2012-09-26

Description:

389 Directory Server contains a flaw that is triggered during the handling of a modifyRDN operation. This may allow a remote attacker to bypass the access control list when a DN entry is moved via the database modify RDN function.