Stefan Lochbihler

#18700of 53,633
14.3Total CVSS
Vulnerabilities · 3
Medium
3
PT-2006-2925
5.0
2006-04-20
Neon · Neon Responder · CVE-2006-1941
**Name of the Vulnerable Software and Affected Versions** Neon Responder version 5.4 for LANsurveyor **Description** The issue allows remote attackers to cause a denial of service, resulting in an application outage. This is achieved by sending a crafted Clock Synchronisation packet that triggers an access violation. **Recommendations** For Neon Responder version 5.4 for LANsurveyor, consider restricting access to the Clock Synchronisation packet handling functionality until a patch is available. As a temporary workaround, disabling the Clock Synchronisation feature may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2005-4540
5.0
2005-11-24
Phpcms · Phpcms · CVE-2005-3789
**Name of the Vulnerable Software and Affected Versions** phpwcms version 1.2.5 **Description** The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the `form lang` parameter in "login.php" or the `imgdir` parameter in "random image.php". **Recommendations** For phpwcms version 1.2.5, avoid using the `form lang` parameter in "login.php" and the `imgdir` parameter in "random image.php" until a patch is available. Restrict access to "login.php" and "random image.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2005-4541
4.3
2005-11-24
Phpcms · Phpcms · CVE-2005-3790
**Name of the Vulnerable Software and Affected Versions** phpwcms version 1.2.5 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `i` and `text` parameters in the act newsletter.php file. **Recommendations** For phpwcms version 1.2.5, as a temporary workaround, consider restricting access to the act newsletter.php file until a patch is available. Avoid using the `i` and `text` parameters in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.