5284 matches found

RedhatCVE · added 2025/05/21 8:40 p.m. · 5 views

CVE-2002-2429

webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header...

CVSS 5 · AI score 7 · EPSS 0.00436 · Exploits 0 · References 1

RedhatCVE · added 2025/05/21 8:40 p.m. · 4 views

CVE-2002-2428

webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data...

CVSS 5 · AI score 7 · EPSS 0.00436 · Exploits 0 · References 1

RedhatCVE · added 2025/05/21 8:40 p.m. · 5 views

CVE-2002-2427

The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603...

CVSS 5 · AI score 7.2 · EPSS 0.35746 · Exploits 1 · References 1

RedhatCVE · added 2025/05/21 8:32 p.m. · 3 views

CVE-2002-2095

Joe Testa hellbent 01 webserver allows attackers to read files that are specified in the hellbent.prefs file by creating a file with a similar name in the web root, as demonstrated using (1) index.webroot and (2) index.ipallow...

CVSS 5 · AI score 6.8 · EPSS 0.00354 · Exploits 1 · References 1

NVD · added 2025/05/21 8:15 p.m. · 7 views

CVE-2025-46412

Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication...

CVSS 9.8 · EPSS 0.00287 · Exploits 0 · References 2

RedhatCVE · added 2025/05/21 7:30 p.m. · 5 views

CVE-2005-0574

Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL...

CVSS 5 · AI score 7.1 · EPSS 0.00241 · Exploits 1 · References 1

Vulnrichment · added 2025/05/21 7:20 p.m. · 5 views

CVE-2025-46412 Vertiv Liebert RDU101 and UNITY Authentication Bypass Using an Alternate Path or Channel

Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication...

CVSS 9.8 · AI score 9.5 · EPSS 0.00287 · Exploits 0 · References 2

CVE · added 2025/05/21 7:20 p.m. · 49 views

CVE-2025-46412

Vertiv Liebert RDU101 and UNITY are affected by a stack-based buffer overflow in the webserver functionality that could allow an attacker to bypass authentication and gain code execution on the device. This vulnerability, described in CVE-2025-46412, is labeled CRITICAL (CVSS v3.1/4.0) w...

CVSS 9.8 · AI score 9.5 · EPSS 0.00287 · Exploits 0 · References 2

Cvelist · added 2025/05/21 7:20 p.m. · 19 views

CVE-2025-46412 Vertiv Liebert RDU101 and UNITY Authentication Bypass Using an Alternate Path or Channel

Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication...

CVSS 9.8 · EPSS 0.00287 · Exploits 0 · References 2

RedhatCVE · added 2025/05/21 6:9 p.m. · 5 views

CVE-1999-0474

The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory...

CVSS 5 · AI score 7.2 · EPSS 0.008 · Exploits 0 · References 1

Positive Technologies · added 2025/05/20 12:0 a.m. · 2 views

PT-2025-22426

Name of the Vulnerable Software and Affected Versions: Vertiv, affected versions not specified. Description: The issue concerns Vertiv products that do not properly protect webserver functions, potentially allowing an attacker to bypass authentication. Recommendations: At the moment, there is no...

CVSS 9.8 · AI score 5.4 · EPSS 0.00287 · Exploits 0 · References 7

RedhatCVE · added 2025/05/16 8:56 a.m. · 8 views

CVE-2025-2875

CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webserver URL to access resources...

CVSS 8.7 · AI score 6.9 · EPSS 0.00522 · Exploits 0 · References 1

CVE · added 2025/05/14 8:46 a.m. · 49 views

CVE-2025-2875

The CVE-2025-2875 entry concerns Schneider Electric Modicon Controllers: M241/M251 (pre-5.3.12.48) and M258/LMC058 (all versions) are affected by CWE-610, allowing an unauthenticated attacker to manipulate the controller’s webserver URL to access resources, leading to confidentiality loss. The PT...

CVSS 8.7 · AI score 7.1 · EPSS 0.00522 · Exploits 0 · References 1

Cvelist · added 2025/05/14 8:46 a.m. · 14 views

CVE-2025-2875

CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webserver URL to access resources...

CVSS 8.7 · EPSS 0.00522 · Exploits 0 · References 1

Vulnrichment · added 2025/05/14 8:46 a.m. · 4 views

CVE-2025-2875

CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webserver URL to access resources...

CVSS 8.7 · AI score 7.5 · EPSS 0.00522 · Exploits 0 · References 1

Positive Technologies · added 2025/05/13 12:0 a.m. · 2 views

PT-2025-21143 · Schneider Electric · Modicon Controllers M241 +3

Name of the Vulnerable Software and Affected Versions: Modicon Controllers M241 / M251 versions prior to 5.3.12.48; Modicon Controllers M258 / LMC058 all versions. Description: A vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates the...

CVSS 8.7 · AI score 6 · EPSS 0.00522 · Exploits 0 · References 13

RedhatCVE · added 2025/04/26 1:13 a.m. · 11 views

CVE-2025-3847

A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This affects an unknown part of the file code/http/httprequest.cpp of the component Login. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack...

CVSS 7.5 · AI score 7.4 · EPSS 0.00416 · Exploits 0 · References 1

RedhatCVE · added 2025/04/26 1:1 a.m. · 3 views

CVE-2025-3845

A vulnerability was found in markparticle WebServer up to 1.0. It has been declared as critical. Affected by this vulnerability is the function Buffer::HasWritten of the file code/buffer/buffer.cpp. The manipulation of the argument writePos leads to buffer overflow. The attack can be launched...

CVSS 7.5 · AI score 7.2 · EPSS 0.01339 · Exploits 0 · References 1

RedhatCVE · added 2025/04/26 12:38 a.m. · 3 views

CVE-2025-3846

A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file code/http/httprequest.cpp of the component Registration. The manipulation of the argument username/password leads to sql injection. The...

CVSS 7.5 · AI score 7.3 · EPSS 0.00766 · Exploits 0 · References 1

NVD · added 2025/04/21 11:15 p.m. · 5 views

CVE-2025-3847

A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This affects an unknown part of the file code/http/httprequest.cpp of the component Login. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack...

CVSS 9.8 · EPSS 0.00416 · Exploits 0 · References 4