m-phorum contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'go' variable. This may allow an attacker to include a file either locally or from a remote host that may contain arbitrary commands which will be executed by the vulnerable script.
m-phorum contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'go' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
M-Player contains a flaw that may allow for a denial of service. The issue is triggered when a user opens a malformed MP3 file, resulting in a loss of availability for the program. This can be exploited remotely by tricking a user into opening the crafted file (e.g., via email), or locally by placing it in a location that may seem safe (e.g., a network share).
m0n0wall contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
m0n0wall contains multiple unspecified flaws that allow remote cross-site scripting (XSS) attacks. These flaws exist because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
By default, M4 Project's enigma-suite client for Windows installs an account with a default password. The 'enigma-client' account has a password of 'nominal' which is publicly known and documented. This allows attackers to trivially access the program or system.
Maarch contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to an unspecified error when accessing documents, which will disclose the content of certain documents resulting in a loss of confidentiality.
Maarch contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'login.php' script not properly sanitizing user-supplied input to the 'login' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
A remote overflow exists in FTPServer/X. The program fails to bounds check arguments to the mkdir command resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code on the server resulting in a loss of confidentiality, integrity, and/or availability.
FTPServer/X is prone to an overflow condition as it fails to properly sanitize user-supplied input, resulting in a stack-based buffer overflow. With, for example, a specially crafted "USER" request or an invalid FTP request, a remote attacker can cause a DoS and potentially execute code.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.