104 matches found
Openlitespeed WebServer 1.7.8 Command Injection
Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection Authenticated 2 Date: 26/1/2021 Exploit Author: Metin Yunus Kandemir Discovered by: cmOs - SunCSR Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.8 import...
Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) (2)
Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection Authenticated 2 Date: 26/1/2021 Exploit Author: Metin Yunus Kandemir Discovered by: cmOs - SunCSR Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.8 import...
Openlitespeed Web Server 1.7.8 Command Injection
Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection Authenticated Date: 26/1/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.8 Tested on Windows 10 Step 1: Log in to the...
LiteSpeed Technologie OpenLiteSpeed WebAdmin Console Code Execution Vulnerability
LiteSpeed Technologie OpenLiteSpeed is LiteSpeed Technologie's open source Web server . WebAdmin Console is one of the Web-based management console program . A security vulnerability exists in WebAdmin Console in LiteSpeed Technologie OpenLiteSpeed versions prior to 1.6.5. An attacker can exploit...
CVE-2020-5519
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...
CVE-2020-5519
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...
Design/Logic Flaw
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...
CVE-2020-5519
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...
CVE-2020-5519
The CVE-2020-5519 issue affects OpenLiteSpeed’s WebAdmin Console prior to 1.6.5, where URL validation in the Server Configuration > External App screen is insufficient. This is documented across multiple sources as enabling potential code execution via the WebAdmin Console. A fixed version is ...
LiteSpeed OpenLiteSpeed Buffer Overflow Vulnerability
LiteSpeed OpenLiteSpeed is an open source lightweight HTTP server . A buffer overflow vulnerability exists in versions prior to LiteSpeed OpenLiteSpeed 1.5.0 RC6, which can be exploited by a local attacker to cause a denial of service by creating a symbolic link...
LiteSpeed OpenLiteSpeed Denial of Service Vulnerability
LiteSpeed OpenLiteSpeed is an open source lightweight HTTP server . A denial of service vulnerability exists in LiteSpeed OpenLiteSpeed versions prior to 1.5.0 RC6, which stems from the program's failure to properly handle requests for sequences of bytes, and can be exploited to cause a denial of...
Design/Logic Flaw
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substri...
CVE-2018-19791
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substri...
CVE-2018-19791
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substri...
Buffer overflow
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service buffer overflow or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name involving ../ characters, which is...
CVE-2018-19792
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service buffer overflow or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name involving ../ characters, which is...
CVE-2018-19792
The vulnerability CVE-2018-19792 affects LiteSpeed OpenLiteSpeed before 1.5.0 RC6. A buffer overflow in the server path resolution (LshttpdMain::getServerRootFromExecutablePath) can be triggered by creating a symlink with a long command name (involving ../../) and allows a local attacker to cause...
CVE-2018-19791
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substri...
CVE-2018-19791
LiteSpeed OpenLiteSpeed before 1.5.0 RC6 is affected. The server mishandles requests for byte sequences, allowing an attacker to amplify response size by repeatedly requesting the entire response body with an HTTP Range value starting with bytes=0-,0-. This can cause a Denial of Service (availabi...
Open Litespeed Memory Misreference Vulnerability
Open Litespeed is a high-performance , lightweight , open source HTTP server of the United States LiteSpeed Inc. Open Litespeed suffers from a memory misreference vulnerability that allows remote attackers to exploit the vulnerability by submitting a special file and tricking the application into...