| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 33672 | 2007-02-03 | Wap Portal Server admin/index.php language Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php. |
| 33671 | 2007-02-03 | Wap Portal Server index.php language Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php. |
| 35770 | 2007-02-03 | Wap Portal Server language Multiple Variable File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php. |
| 57426 | 2009-08-27 | Wap-Motor gallery/gallery.php image Parameter Traversal Arbitrary File Access | (Description Provided by CVE): Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the image parameter. |
| 62599 | 2009-09-12 | War FTP Daemon Multiple Command Format String DoS | A format string flaw exists in War FTP Daemon. The program fails to properly sanitize format string specifiers (e.g., %s and %x). With a specially crafted LIST, SIZE or SITE request, a remote attacker can crash the service or possibly execute arbitrary code. |
| 34041 | 2007-03-14 | War FTP Daemon Unspecified Overflow | (Description Provided by CVE): Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. NOTE: this might be the same issue as CVE-1999-0256, CVE-2000-0131, or CVE-2006-2171, but due to Immunity's lack of details, this cannot be certain. |
| 16619 | 2005-05-17 | War Times Nickname Overflow DoS | A remote overflow exists in War Times European Frontline. War Times fails to properly bounds-check user-supplied network data prior to copying it into a fixed-size memory buffer. With a specially crafted request containing a nickname of 64 bytes, the max data block size, an attacker can cause a buffer overflow resulting in a loss of availability. |
| 60205 | 2009-05-01 | Warcraft III JASS Interpreter Crafted Map Arbitrary Code Execution | (Description Provided by CVE): Unspecified vulnerability in the JASS script interpreter in Warcraft III: The Frozen Throne 1.24b and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted custom map. NOTE: some of these details are obtained from third party information. |
| 24609 | 2006-04-02 | Warcraft III Replay Parser example.php id Parameter XSS | Unknown / Incomplete |
| 30399 | 2006-03-31 | Warcraft III Replay Parser index.php id Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter. |
| 30400 | 2006-03-31 | Warcraft III Replay Parser index.php page Variable Arbitrary Command Execution | (Description Provided by CVE): Unspecified vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to fopen function calls or file uploads. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter. |
| 24770 | 2006-04-14 | warforge.NEWS authcheck.php SQL Injection | (Description Provided by CVE): SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) authusername and possibly the (2) authpassword cookie. |
| 24771 | 2006-04-14 | warforge.NEWS myaccounts.php Unspecified XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: portions of these details were obtained from third party sources instead of the original disclosure. |
| 36345 | 2006-04-19 | warforge.NEWS news.php Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 36344 | 2006-04-19 | warforge.NEWS newsadd.php Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4679 | 2000-01-05 | WarFTPd Arbitrary File Access | WarFTPd contains a flaw that may allow a remote attacker to access arbitrary files. No further details have been provided. |
| 2409 | 2003-08-12 | WarFTPd Cleartext Password Local Disclosure | Unknown / Incomplete |
| 4680 | 1999-12-14 | WarFTPd Connection Flood DoS | War FTP Daemon version 1.70 contains a flaw that may allow a remote denial of service. The issue is triggered when sixty or more connections are established when certain characters are used in the logon name. This will result in loss of availability for the service. |
| 4677 | 2000-02-03 | WarFTPd CWD Command Overflow DoS | WarFTPd contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker supplies a CWD command with an overly large string (8k), and will result in loss of availability for the service. |
| 13225 | 2005-01-27 | WarFTPd CWD Command Remote DoS | (Description Provided by CVE): WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability. |
| 874 | 2001-03-06 | WarFTPd dir Command Traversal Arbitrary Directory Listing | WarFTPd contains a flaw that allows a remote attacker to obtain arbitrary directory listings outside of the FTP root path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "dir" command. |
| 30239 | 2006-11-08 | WarFTPd Malformed CWD Command Remote DoS | (Description Provided by CVE): War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6) SIZE, and possibly other commands. NOTE: it is possible that vector 1 is an off-by-one variant or incomplete fix of CVE-2005-0312. |
| 2886 | 2003-12-01 | WarFTPd Multiple Connection DoS | War FTP Daemon contains a flaw that may allow a remote denial of service. The issue is triggered when multiple connections are made, and will result in loss of availability for the service. |
| 4681 | 2003-12-01 | WarFTPd Multiple Connection DoS | Unknown / Incomplete |
| 4678 | 2000-01-08 | WarFTPd ODBC Execute Administrative Commands | WarFTPd contains a flaw that may allow a remote attacker to execute system commands with administrative privileges or access any file on the local machine. The issue is due to a flaw in the ODBC driver. No further details have been provided. |
| 1194 | 2000-01-05 | WarFTPd Unspecified Arbitrary Command Execution | (Description Provided by CVE): Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands. |
| 875 | 1998-03-19 | WarFTPd USER/PASS Command Remote Overflow | WarFTPD contains a flaw that allows a remote attacker to execute arbitrary code. The issue is due to improper bounds checking for the USER and PASS commands. If an attacker supplies a specially crafted request they may be able to overflow the buffer and execute arbitrary code with the same privileges as the server. |
| 4682 | 2003-08-11 | WarFTPd WarUser.dat Password Exposure | War FTPd contains a flaw that may lead to an unauthorized username and password exposure. It is possible to gain access to plaintext passwords by viewing the WarUser.dat file. Storing usernames and passwords in plaintext may lead to a loss of confidentiality, integrity and/or availability. |
| 25220 | 2006-05-01 | WarFTPd WDM.exe File Path Handling Remote Overflow | A remote overflow exists in WarFTPd. The product fails to handle an exception after around 100 file paths are added, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 30742 | 2006-11-26 | WarHound General Shopping Cart item.asp ItemID Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in item.asp in WarHound General Shopping Cart allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. |