[CLOSE] OSVDB ID : 45110 - Disclosed: 1997-11-01

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 25203 - Disclosed: 2006-05-02

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability.

[CLOSE] OSVDB ID : 25202 - Disclosed: 2006-05-02

Description:

(Description Provided by CVE) : Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter.

[CLOSE] OSVDB ID : 68703 - Disclosed: 2010-10-12

Description:

32bit FTP Client is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted overly long LIST response, a context-dependent attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 54416 - Disclosed: 2009-05-05

Description:

(Description Provided by CVE) : Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 257 reply to a CWD command.

[CLOSE] OSVDB ID : 66808 - Disclosed: 2010-08-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 54584 - Disclosed: 2009-05-05

Description:

(Description Provided by CVE) : Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 227 reply to a PASV command.

[CLOSE] OSVDB ID : 60158 - Disclosed: 2003-02-04

Description:

(Description Provided by CVE) : Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.

[CLOSE] OSVDB ID : 54219 - Disclosed: 2009-05-05

Description:

(Description Provided by CVE) : Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long banner. NOTE: this might overlap CVE-2003-1368.

[CLOSE] OSVDB ID : 26507 - Disclosed: 2006-06-13

Description:

35mm Slide Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the imgdir variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26508 - Disclosed: 2006-06-13

Description:

35mm Slide Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the w, h and t variables upon submission to the popup.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 64349 - Disclosed: 2010-05-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 64348 - Disclosed: 2010-05-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 78591 - Disclosed: 2011-12-14

Description:

360 KouXin Application for Android contains a flaw related that may allow a remote attacker to access and manipulate data relating to a user's SMS or contact list.

[CLOSE] OSVDB ID : 78587 - Disclosed: 2011-12-13

Description:

360 MobileSafe Application for Android contains a flaw related that may allow a remote attacker to access and manipulate data relating to SMS and the contact list.

[CLOSE] OSVDB ID : 64350 - Disclosed: 2010-05-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 64351 - Disclosed: 2010-05-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 62072 - Disclosed: 2010-02-01

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65354 - Disclosed: 2010-05-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 72110 - Disclosed: 2011-04-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 72109 - Disclosed: 2011-04-15

Description:

360 Web Manager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker accesses the HTML source code of the adm/barra/assetmanager/assetmanager.php script, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 72111 - Disclosed: 2011-04-15

Description:

360 Web Manager contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the adm/barra/assetmanager/assetmanager.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via an unspecified parameter. This directory traversal attack would allow the attacker to list or delete arbitrary files.

[CLOSE] OSVDB ID : 40955 - Disclosed: 2008-01-20

Description:

(Description Provided by CVE) : SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter.

[CLOSE] OSVDB ID : 65355 - Disclosed: 2010-05-25

Description:

360 Web Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the webpages-form-led-edit.php script not properly sanitizing user-supplied input to the 'IDFM' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 75072 - Disclosed: 2010-12-16

Description:

(Description Provided by CVE) : Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019.

[CLOSE] OSVDB ID : 75073 - Disclosed: 2011-01-10

Description:

(Description Provided by CVE) : slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019.

[CLOSE] OSVDB ID : 6700 - Disclosed: 2002-04-29

Description:

(Description Provided by CVE) : Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long commands such as login.

[CLOSE] OSVDB ID : 20832 - Disclosed: 2005-11-14

Description:

3CFR contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'LangueID' and 'ThemeID' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 12809 - Disclosed: 2005-01-04

Description:

(Description Provided by CVE) : Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands.

[CLOSE] OSVDB ID : 12810 - Disclosed: 2005-01-04

Description:

A remote overflow exists in 3CDaemon. The FTP application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long username, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.