33 matches found
EUVD-2002-2195
Malware in sbrugna...
EUVD-2006-4190
Malware in sbrugna...
EUVD-2006-4189
Malware in sbrugna...
EUVD-2004-1506
Malware in sbrugna...
EUVD-2005-1419
Malware in sbrugna...
04WebServer cross-site scripting vulnerability
Overview 04WebServer, open source web server software, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
04WebServer directory traversal vulnerability
Overview 04WebServer, an open source web server, contains a vulnerability allowing directory traversal bypassing user authentication. Impact A remote attacker could bypass a user authentication and view server files. Solution None...
CVE-2002-2216
CVE-2002-2216 affects Soft3304 04WebServer prior to 1.20. The issue is a flaw in how URL strings are processed, enabling remote attackers to obtain unspecified sensitive information. The connected documents do not provide a concrete fix or remediation steps. No exploitation details are documented...
CVE-2004-2662
Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service resource consumption or crash via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources...
CVE-2004-2662
The CVE-2004-2662 entry concerns Soft3304 04WebServer prior to 1.41. The vulnerability is a denial of service: sending certain data related to OpenSSL can cause a thread to terminate while resources remain allocated, potentially leading to resource exhaustion. Publicly available details are limit...
CVE-2004-2661
Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information CGI source code...
CVE-2004-2661
Soft3304 04WebServer before 1.41 fails to properly validate requested file names, allowing remote attackers to obtain CGI source code. The issue is network-exploitable and leads to partial information disclosure (CGI source). No exploitation details or official fixes are provided in the supplied ...
CVE-2006-4199
Cross-site scripting XSS vulnerability in Soft3304 04WebServer 1.83 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page, a different vulnerability than CVE-2004-1512...
CVE-2006-4199
CVE-2006-4199 describes a cross-site scripting (XSS) vulnerability in Soft3304 04WebServer, affected versions 1.83 and earlier. The root cause is that user-supplied URL content is not properly sanitized before being echoed in an error page, allowing an attacker to inject arbitrary web script or H...
CVE-2006-4200
This CVE (CVE-2006-4200) affects 04WebServer 1.83 and earlier. A vulnerability in request processing allows remote attackers to bypass user authentication, potentially enabling access to server files without credentials. The JVN entry confirms a directory traversal-style bypass of authentication ...
CVE-2005-1416
The CVE-2005-1416 entry concerns 04WebServer 1.81 with a directory traversal vulnerability that lets remote attackers read files outside the web root but inside the installation folder. The issue is remote, of low attack complexity, and does not require authentication (per CVSS metrics: AV NETWOR...
CVE-2004-1513
The CVE-2004-1513 entry concerns 04WebServer 1.42, where log-writing data is not properly filtered, allowing remote attackers to inject carriage return characters and spoof log entries. The issue affects the logging component, enabling log tampering without affecting other content. The provided s...
CVE-2004-1514
04WebServer 1.42 is affected by a DoS vulnerability triggered by an HTTP request for an MS-DOS device name (e.g., COM2), causing the server to fail to restart properly. The CVE entry notes a partial availability impact. No additional exploit details or fixes are provided in the connected documents.
CVE-2004-1512
CVE-2004-1512 affects 04WebServer 1.42 via an XSS in Response_default.html. The vulnerability allows remote attackers to execute arbitrary script/HTML because URL script code is not quoted in the resulting default error page. Connected documents confirm this as the issue, but do not provide explo...
CVE-2004-1514
04WebServer 1.42 allows remote attackers to cause a denial of service fail to restart properly via an HTTP request for an MS-DOS device name such as COM2...