MidnightBSD

Advisories for lionmax_software

CVE-2004-0059 MEDIUM

Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
lionmax_software www_file_share_pro *
CVE-2004-0060 MEDIUM

WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
lionmax_software www_file_share_pro *
CVE-2004-0061 HIGH

WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
lionmax_software www_file_share_pro *
CVE-2004-0741 MEDIUM

LionMax Software WWW File Share Pro 2.60 allows remote attackers to cause a denial of service (crash or hang) via a long URL, possibly triggering a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
lionmax_software www_file_share_pro 2.6
lionmax_software www_file_share_pro 2.42
lionmax_software www_file_share_pro 2.46
lionmax_software www_file_share_pro 2.40
lionmax_software www_file_share_pro 2.41
CVE-2004-2724 HIGH

LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
lionmax_software chat_anywhere 2.72a
CVE-2005-0522 MEDIUM

Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
lionmax_software chat_anywhere 2.72a