FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rhinosoft | ftp_voyager | * |
Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rhinosoft | dns4me | 3.0.0.4 |
The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rhinosoft | dns4me | 3.0.0.4 |
Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rhinosoft | zaep_antispam | 2.0_.0.1 |
| rhinosoft | zaep_antispam | 2.0 |
Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rhinosoft | serv-u | 9.0.0.5 |
Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rhinosoft | ftp_voyager | 15.0.0.0 |
| rhinosoft | ftp_voyager | 15.1.0.3 |
| rhinosoft | ftp_voyager | 15.2.0.0 |
| rhinosoft | ftp_voyager | 15.0.0.3 |
| rhinosoft | ftp_voyager | 15.0.0.1 |
| rhinosoft | ftp_voyager | 15.1.0.4 |
| rhinosoft | ftp_voyager | * |
| rhinosoft | ftp_voyager | 15.0.0.2 |
| rhinosoft | ftp_voyager | 15.2.0.4 |
| rhinosoft | ftp_voyager | 15.2.0.6 |
| rhinosoft | ftp_voyager | 15.2.0.2 |
| rhinosoft | ftp_voyager | 15.2.0.9 |
| rhinosoft | ftp_voyager | 15.1.0.0 |
| rhinosoft | ftp_voyager | 15.1.0.1 |
| rhinosoft | ftp_voyager | 15.1.0.2 |
| rhinosoft | ftp_voyager | 15.2.0.8 |