(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability.
32bit FTP Client is prone to an overflow condition. The program fails to properly sanitize user-supplied input, resulting in a stack-based buffer overflow. With a specially crafted, overly long LIST response, a context-dependent attacker can potentially execute arbitrary code.
(Description Provided by CVE) : Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
(Description Provided by CVE) : Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long banner. NOTE: this might overlap CVE-2003-1368.
35mm Slide Gallery contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the imgdir variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
35mm Slide Gallery contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the w, h and t variables upon submission to the popup.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
By default, 360 Systems Image Server 2000 installs with default user credentials (username/password combination). The 'ADMINISTRATOR' account has a password of '3ware', which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access.
360 Web Manager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker accesses the HTML source code of the adm/barra/assetmanager/assetmanager.php script, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
360 Web Manager contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the adm/barra/assetmanager/assetmanager.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via an unspecified parameter. This directory traversal attack would allow the attacker to list or delete arbitrary files.
360 Web Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the webpages-form-led-edit.php script not properly sanitizing user-supplied input to the 'IDFM' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
389 Directory Server contains a flaw in the get_ldapmessage_controls_ext() function that may allow a remote denial of service. The issue is triggered when handling LDAP control data. With a specially crafted LDAP control sequence with a zero length, a remote attacker can crash the server.
389 Directory Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by LDAP during password change operations, which will disclose unhashed password information to an attacker with access to network traffic between the LDAP server and the user.
389 Directory Server contains a flaw in the do_search function in ldap/servers/slapd/search.c that may lead to the unauthorized disclosure of sensitive information. The issue is triggered when handling a specially crafted LDAP search. This may allow a remote attacker to gain access to potentially sensitive information.
389 Directory Server contains a flaw that is triggered during the handling of a modifyRDN operation. This may allow a remote attacker to bypass the access control list when a DN entry is moved via the database modify RDN function.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.