33 matches found
EUVD-2005-1419
Malware in sbrugna...
EUVD-2006-4189
Malware in sbrugna...
EUVD-2004-1506
Malware in sbrugna...
EUVD-2002-2195
Malware in sbrugna...
EUVD-2006-4190
Malware in sbrugna...
04WebServer cross-site scripting vulnerability
Overview 04WebServer, open source web server software, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
04WebServer directory traversal vulnerability
Overview 04WebServer, an open source web server, contains a vulnerability allowing directory traversal bypassing user authentication. Impact A remote attacker could bypass a user authentication and view server files. Solution None...
CVE-2004-2661
Soft3304 04WebServer before 1.41 fails to properly validate requested file names, allowing remote attackers to obtain CGI source code. The issue is network-exploitable and leads to partial information disclosure (CGI source). No exploitation details or official fixes are provided in the supplied ...
CVE-2004-2661
Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information CGI source code...
CVE-2004-2662
Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service resource consumption or crash via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources...
CVE-2002-2216
CVE-2002-2216 affects Soft3304 04WebServer prior to 1.20. The issue is a flaw in how URL strings are processed, enabling remote attackers to obtain unspecified sensitive information. The connected documents do not provide a concrete fix or remediation steps. No exploitation details are documented...
CVE-2004-2662
The CVE-2004-2662 entry concerns Soft3304 04WebServer prior to 1.41. The vulnerability is a denial of service: sending certain data related to OpenSSL can cause a thread to terminate while resources remain allocated, potentially leading to resource exhaustion. Publicly available details are limit...
CVE-2006-4199
CVE-2006-4199 describes a cross-site scripting (XSS) vulnerability in Soft3304 04WebServer, affected versions 1.83 and earlier. The root cause is that user-supplied URL content is not properly sanitized before being echoed in an error page, allowing an attacker to inject arbitrary web script or H...
CVE-2006-4199
Cross-site scripting XSS vulnerability in Soft3304 04WebServer 1.83 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page, a different vulnerability than CVE-2004-1512...
CVE-2006-4200
This CVE (CVE-2006-4200) affects 04WebServer 1.83 and earlier. A vulnerability in request processing allows remote attackers to bypass user authentication, potentially enabling access to server files without credentials. The JVN entry confirms a directory traversal-style bypass of authentication ...
CVE-2005-1416
The CVE-2005-1416 entry concerns 04WebServer 1.81 with a directory traversal vulnerability that lets remote attackers read files outside the web root but inside the installation folder. The issue is remote, of low attack complexity, and does not require authentication (per CVSS metrics: AV NETWOR...
CVE-2004-1512
Cross-site scripting XSS vulnerability in Responsedefault.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page...
CVE-2004-1513
04WebServer 1.42 does not adequately filter data that is written to log files, which could allow remote attackers to inject carriage return characters into the log file and spoof log entries...
CVE-2004-1514
04WebServer 1.42 allows remote attackers to cause a denial of service fail to restart properly via an HTTP request for an MS-DOS device name such as COM2...
CVE-2004-1514
04WebServer 1.42 is affected by a DoS vulnerability triggered by an HTTP request for an MS-DOS device name (e.g., COM2), causing the server to fail to restart properly. The CVE entry notes a partial availability impact. No additional exploit details or fixes are provided in the connected documents.