Strider

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edit user endpoint, which execute in the browsers of users viewing the affected profile after submission.

**Name of the Vulnerable Software and Affected Versions** MiniFtp (affected versions not specified) **Description** A buffer overflow exists in the `parseconf load setting()` function. Local attackers can execute arbitrary code with root privileges by providing oversized configuration values in a 'miniftpd.conf' file. Specifically, values exceeding 128 bytes can overflow stack buffers and overwrite the return address. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InoERP version 0.7.2 **Description** InoERP version 0.7.2 has a persistent cross-site scripting issue in the comment section. Unauthenticated attackers can inject malicious scripts, such as JavaScript payloads, through comments. These scripts execute in other users' browsers, potentially leading to the theft of cookies and session information. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the comment section until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WordPress Server Log Viewer version 1.0 **Description** The software contains a persistent cross-site scripting issue that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files containing XSS payloads that will execute when viewed within the WordPress admin interface. The vulnerability allows for the injection of scripts through the `logfile` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YATinyWinFTP (affected versions not specified) **Description** A denial of service issue exists where attackers can crash the FTP service by connecting and sending a malformed command. Specifically, sending a 272-byte buffer with a trailing space triggers a buffer overflow, leading to a service crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.