formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter.Referenceshttps://www.exploit-db.com/exploits/3056http://www.securityfocus.com/bid/21841https://exchange.xforce.ibmcloud.com/vulnerabilities/31216http://secunia.com/advisories/23539
