Lucene search

Web Server Security Vulnerabilities

cve

CVE-1999-1081

Vulnerability in files.pl script in Novell WebServer Examples Toolkit 2 allows remote attackers to read arbitrary files.

7.1AI Score

0.007EPSS

2002-01-15 05:00 AM

cve

CVE-2007-3956

TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534.

6.9AI Score

0.072EPSS

2007-07-24 06:30 PM

cve

CVE-2007-4529

The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2) AdminDeleteS...

6.5AI Score

0.008EPSS

2007-08-25 12:17 AM

cve

CVE-2007-4530

Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html.

5.8AI Score

0.007EPSS

2007-08-25 12:17 AM

cve

CVE-2008-4533

Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

5.7AI Score

0.003EPSS

2008-10-10 10:30 AM

cve

CVE-2017-16934

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "...

9.8CVSS

9.8AI Score

0.047EPSS

2017-11-24 07:29 AM

cve

CVE-2017-6025

A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow...

9.8CVSS

9.4AI Score

0.002EPSS

2017-05-19 03:29 AM

cve

CVE-2017-6027

An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server...

9.8CVSS

9.6AI Score

0.007EPSS

2017-05-19 03:29 AM

cve

CVE-2020-7222

An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges ...

5.3CVSS

5.5AI Score

0.001EPSS

2020-01-18 12:15 AM

133

cve

CVE-2021-30175

ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page.

9.8CVSS

9.9AI Score

0.094EPSS

2021-04-13 02:15 PM

cve

CVE-2022-25322

ZEROF Web Server 2.0 allows /HandleEvent SQL Injection.

9.8CVSS

9.7AI Score

0.002EPSS

2022-02-18 05:15 PM

cve

CVE-2022-25323

ZEROF Web Server 2.0 allows /admin.back XSS.

6.1CVSS

6.2AI Score

0.001EPSS

2022-02-18 05:15 PM

112

cve

CVE-2022-31805

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

7.5CVSS

8AI Score

0.002EPSS

2022-06-24 08:15 AM