Netjackal

**Name of the Vulnerable Software and Affected Versions** Neptune Web Server version 3.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the URI. This occurs because the URI is not properly handled in the 404 error page. **Recommendations** For Neptune Web Server version 3.0, update the handling of URIs in the 404 error page to properly sanitize input and prevent the injection of arbitrary web script or HTML.

**Name of the Vulnerable Software and Affected Versions** PHP (affected versions not specified) **Description** The issue concerns the perl extension in PHP, which does not adhere to safe mode restrictions. This allows attackers to execute arbitrary code through the Perl eval function in certain contexts. It is noted that this might only pose a risk in limited environments. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP version 5.0.5 **Description** The issue allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL, such as kernel32.dll, and calling a function, for example, the WinExec function, due to the Foreign Function Interface (ffi) extension not following safe mode restrictions. **Recommendations** For PHP version 5.0.5, consider disabling the Foreign Function Interface (ffi) extension as a temporary workaround until a patch is available. Restrict access to arbitrary DLLs to minimize the risk of exploitation. Avoid using the ffi extension to load and call functions from arbitrary DLLs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHP version 5.2.3 **Description** A buffer overflow issue exists in the mSQL extension, allowing attackers to execute arbitrary code by providing a long first argument to the `msql connect` function. **Recommendations** For PHP version 5.2.3, consider disabling the mSQL extension as a temporary workaround until a patch is available. Restrict access to the `msql connect` function to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Easy Chat Server versions 1.2 through 2.2 Description: The issue allows remote attackers to cause a denial of service, resulting in a server crash. This can be achieved by providing a long `username` parameter, possibly due to a buffer overflow. Recommendations: For Easy Chat Server versions 1.2 through 2.2, consider restricting the length of the `username` parameter to prevent the server crash until a patch is available.