Lionmax Software: Security Vulnerabilities
Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges.
CVSS Score
4.6
EPSS Score
0.002
Published
2005-05-02
Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page.
CVSS Score
5.0
EPSS Score
0.005
Published
2004-12-31
LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character.
CVSS Score
7.1
EPSS Score
0.01
Published
2004-12-31
LionMax Software WWW File Share Pro 2.60 allows remote attackers to cause a denial of service (crash or hang) via a long URL, possibly triggering a buffer overflow.
CVSS Score
5.0
EPSS Score
0.007
Published
2004-07-27
Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header.
CVSS Score
5.0
EPSS Score
0.003
Published
2004-02-17
WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request.
CVSS Score
5.0
EPSS Score
0.007
Published
2004-02-17
WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character.
CVSS Score
7.5
EPSS Score
0.003
Published
2004-02-17