Lucene search
K

104 matches found

Packet Storm
Packet Storm
added 2021/02/11 12:0 a.m.238 views

Openlitespeed WebServer 1.7.8 Command Injection

Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection Authenticated 2 Date: 26/1/2021 Exploit Author: Metin Yunus Kandemir Discovered by: cmOs - SunCSR Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.8 import...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/11 12:0 a.m.238 views

Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) (2)

Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection Authenticated 2 Date: 26/1/2021 Exploit Author: Metin Yunus Kandemir Discovered by: cmOs - SunCSR Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.8 import...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/27 12:0 a.m.230 views

Openlitespeed Web Server 1.7.8 Command Injection

Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection Authenticated Date: 26/1/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.8 Tested on Windows 10 Step 1: Log in to the...

7.4AI score
Exploits0
CNVD
CNVD
added 2020/01/08 12:0 a.m.2 views

LiteSpeed Technologie OpenLiteSpeed WebAdmin Console Code Execution Vulnerability

LiteSpeed Technologie OpenLiteSpeed is LiteSpeed Technologie's open source Web server . WebAdmin Console is one of the Web-based management console program . A security vulnerability exists in WebAdmin Console in LiteSpeed Technologie OpenLiteSpeed versions prior to 1.6.5. An attacker can exploit...

9.8CVSS7AI score0.01197EPSS
Exploits0References1
OSV
OSV
added 2020/01/06 1:15 p.m.16 views

CVE-2020-5519

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...

9.8CVSS6.9AI score
Exploits0References2
NVD
NVD
added 2020/01/06 1:15 p.m.24 views

CVE-2020-5519

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...

9.8CVSS9.5AI score0.01197EPSS
Exploits0References2
Prion
Prion
added 2020/01/06 1:15 p.m.16 views

Design/Logic Flaw

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...

7.5CVSS9.3AI score0.01197EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/01/06 12:54 p.m.27 views

CVE-2020-5519

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...

9.5AI score0.01197EPSS
Exploits0References2
CVE
CVE
added 2020/01/06 12:54 p.m.73 views

CVE-2020-5519

The CVE-2020-5519 issue affects OpenLiteSpeed’s WebAdmin Console prior to 1.6.5, where URL validation in the Server Configuration > External App screen is insufficient. This is documented across multiple sources as enabling potential code execution via the WebAdmin Console. A fixed version is ...

9.8CVSS9.4AI score0.01197EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/12/04 12:0 a.m.7 views

LiteSpeed OpenLiteSpeed Buffer Overflow Vulnerability

LiteSpeed OpenLiteSpeed is an open source lightweight HTTP server . A buffer overflow vulnerability exists in versions prior to LiteSpeed OpenLiteSpeed 1.5.0 RC6, which can be exploited by a local attacker to cause a denial of service by creating a symbolic link...

6.7CVSS6.5AI score0.00428EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/04 12:0 a.m.4 views

LiteSpeed OpenLiteSpeed Denial of Service Vulnerability

LiteSpeed OpenLiteSpeed is an open source lightweight HTTP server . A denial of service vulnerability exists in LiteSpeed OpenLiteSpeed versions prior to 1.5.0 RC6, which stems from the program's failure to properly handle requests for sequences of bytes, and can be exploited to cause a denial of...

6.5CVSS6.4AI score0.01239EPSS
Exploits1References1
Prion
Prion
added 2018/12/03 6:29 a.m.16 views

Design/Logic Flaw

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substri...

4CVSS6.4AI score0.01239EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/12/03 6:29 a.m.14 views

CVE-2018-19791

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substri...

6.5CVSS6.8AI score
Exploits0References1
NVD
NVD
added 2018/12/03 6:29 a.m.14 views

CVE-2018-19791

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substri...

6.5CVSS6.5AI score0.01239EPSS
Exploits1References1
Prion
Prion
added 2018/12/03 6:29 a.m.14 views

Buffer overflow

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service buffer overflow or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name involving ../ characters, which is...

4.6CVSS7.1AI score0.00428EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/12/03 6:0 a.m.14 views

CVE-2018-19792

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service buffer overflow or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name involving ../ characters, which is...

7.1AI score0.00428EPSS
Exploits1References1
CVE
CVE
added 2018/12/03 6:0 a.m.41 views

CVE-2018-19792

The vulnerability CVE-2018-19792 affects LiteSpeed OpenLiteSpeed before 1.5.0 RC6. A buffer overflow in the server path resolution (LshttpdMain::getServerRootFromExecutablePath) can be triggered by creating a symlink with a long command name (involving ../../) and allows a local attacker to cause...

6.7CVSS7AI score0.00428EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/12/03 6:0 a.m.14 views

CVE-2018-19791

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substri...

6.5AI score0.01239EPSS
Exploits1References1
CVE
CVE
added 2018/12/03 6:0 a.m.50 views

CVE-2018-19791

LiteSpeed OpenLiteSpeed before 1.5.0 RC6 is affected. The server mishandles requests for byte sequences, allowing an attacker to amplify response size by repeatedly requesting the entire response body with an HTTP Range value starting with bytes=0-,0-. This can cause a Denial of Service (availabi...

6.5CVSS6.4AI score0.01239EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2017/10/04 12:0 a.m.4 views

Open Litespeed Memory Misreference Vulnerability

Open Litespeed is a high-performance , lightweight , open source HTTP server of the United States LiteSpeed Inc. Open Litespeed suffers from a memory misreference vulnerability that allows remote attackers to exploit the vulnerability by submitting a special file and tricking the application into...

7.5CVSS7.6AI score0.01059EPSS
Exploits0References1
Rows per page
Query Builder