| OSVDB ID | Description | Disclosure Date | Title |
|---|---|---|---|
| 53926 | Unknown / Incomplete | 2009-04-22 | 010 Editor 1SC File Handling Overflow |
| 53925 | Unknown / Incomplete | 2009-04-22 | 010 Editor BT File Handling Overflow |
| 67478 | 010 Editor is prone to a flaw in the way it loads dynamic-link libraries (e.g. wintab32.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privileges of the program or user executing the program. This can be done by tricking a user into opening a HEX file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. | 2010-08-25 | 010 Editor Path Subversion Arbitrary DLL Injection Code Execution |
| 28294 | (Description Provided by CVE) : Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code). | 2004-03-13 | 04WebServer CGI Source Disclosure |
| 11606 | 04WebServer contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input upon submission to the Response_default.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2004-11-11 | 04WebServer Error Page XSS |
| 27940 | 04WebServer contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables submitted via the URL and returns them via the error page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2006-08-14 | 04WebServer Error Page XSS |
| 11607 | 04WebServer contains a flaw that may allow a malicious user to inject arbitrary characters into the log file. The issue is triggered when an attacker submits a specially crafted URL. It is possible that the flaw may allow the injection of false entries into the log file resulting in a loss of integrity. | 2004-11-11 | 04WebServer Log File Arbitrary Content Injection |
| 11608 | 04WebServer contains a flaw that may allow a malicious user to perform a DoS attack. The issue is triggered when an attacker specifies a DOS device name in the request URL. It is possible that the flaw may allow a DoS resulting in a loss of availability. | 2004-11-11 | 04WebServer MS-DOS Device Name Request DoS |
| 16067 | 04WebServer contains a flaw that allows a remote attacker to access arbitrary files outside the www root folder but not outside the 04webserver installation folder (C:\Program FilesWebServer). The issue is due to the application web server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI, resulting in a loss of confidentiality. | 2005-05-01 | 04WebServer Traversal Arbitrary File Access |
| 28293 | (Description Provided by CVE) : Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources. | 2004-03-13 | 04WebServer Unspecified OpenSSL Data Request DoS |
| 27941 | (Description Provided by CVE) : Unspecified vulnerability in 04WebServer 1.83 and earlier allows remote attackers to bypass user authentication via unspecified vectors related to request processing. | 2006-08-14 | 04WebServer Unspecified User Identification Bypass |
| 28292 | (Description Provided by CVE) : Soft3304 04WebServer before 1.20 does not properly process URL strings, which allows remote attackers to obtain unspecified sensitive information. | 2002-06-02 | 04WebServer URL Processing Unspecified Information Disclosure |
| 43557 | (Description Provided by CVE) : 0irc 1345 build 20060823 allows remote attackers to cause a denial of service (application crash) by operating an IRC server that sends a long string to a client, which triggers a NULL pointer dereference. | 2007-03-22 | 0irc String Handling NULL Pointer Dereference Application Crash Remote DoS |
| 26029 | 0verkill contains a flaw that may allow a remote denial of service. The issue is triggered when an integer underflow error occurs in the recv_packet() function, and will result in loss of availability for the 0verkill daemon. The recv_packet() function is involved in handling received UDP packets. An attacker can send a UDP packet smaller than 12 bytes to cause the underflow and crash the daemon process, thereby causing a denial of service. | 2006-06-09 | 0verkill recv_packet() Function UDP Handling Overflow DoS |