Lucene search
K

115 matches found

Cvelist
Cvelist
added 2005/06/28 4:0 a.m.23 views

CVE-2002-1965

Cross-site scripting XSS vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the 1 Javascript events, as demonstrated via an onerror event in an IMG SRC tag or 2 User-Agent field in an HTTP GET request...

5.7AI score0.01733EPSS
Exploits1References3
Cvelist
Cvelist
added 2005/06/21 4:0 a.m.17 views

CVE-2000-1225

Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program...

6.5AI score0.01299EPSS
Exploits1References1
CVE
CVE
added 2005/06/21 4:0 a.m.40 views

CVE-2001-1481

Xitami 2.4–2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose permissions are world-readable, enabling remote attackers to gain privileges. Affected versions: Xitami 2.4–2.5 b4. Root cause: plaintext password storage with insecure default file permissions. Impact...

10CVSS7.5AI score0.02901EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2005/06/21 4:0 a.m.48 views

CVE-2000-1225

CVE-2000-1225 affects Xitami 2.5b where the installer places testcgi.exe by default in the cgi-bin. Accessing this program can disclose sensitive web server configuration information to remote attackers. The accompanying metrics indicate a network-exposed, low-complexity vector with partial confi...

5CVSS6.9AI score0.01299EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2005/06/21 4:0 a.m.17 views

CVE-2001-1481

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges...

9.8AI score0.02901EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2004/07/26 12:0 a.m.230 views

Xitami testssi.ssi HTTP Header XSS

The remote Xitami server is distributed with a script for testing server-side includes, '/testssi.ssi'. This script is vulnerable to a cross-site scripting issue when sent a request with a malformed Host or User-Agent header. An attacker may exploit this flaw the steal the authentication...

5.4AI score
Exploits0References1
securityvulns
securityvulns
added 2004/07/23 12:0 a.m.50 views

XITAMI invalid request endless loop

If HTTP header doesn't contain ':' server goes into endless loop...

0.3AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2004/07/23 12:0 a.m.28 views

DOS@XitamiHTTPd

Application: Xitami Web Server Vendors: http://www.xitami.com/xiopen25.zip Version: v2.5c1 Platforms: Windows Bug: D.O.S Date: 2004-07-15 Author: CoolICE e-mail: CoolICEChina.com ================ Content: ---------------- TestCode: @echo off...

1.4AI score
Exploits0
0day.today
0day.today
added 2004/07/22 12:0 a.m.15 views

Xitami Web Server Denial of Service Exploit

Exploit for unknown platform in category dos / poc =========================================== Xitami Web Server Denial of Service Exploit =========================================== if '%1'=='' echo Usage:%0 target port&&goto :eof set PORT=80 if not '%2'=='' set PORT=%2 for %%n in nc.exe do if n...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2004/07/22 12:0 a.m.53 views

Xitami Web Server - Denial of Service

if '%1'=='' echo Usage:%0 target port&&goto :eof set PORT=80 if not '%2'=='' set PORT=%2 for %%n in nc.exe do if not exist %%$PATH:n if not exist nc.exe echo Need nc.exe&&goto :eof echo GET / HTTP/1.0http.tmp echo HOST: %1http.tmp echo DOShttp.tmp echo.http.tmp nc -w 10 %1 %PORT% http.tmp del...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2004/07/22 12:0 a.m.24 views

Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting

source: https://www.securityfocus.com/bid/10778/info It is reported that Imatix Xitami is affected by a cross-site scripting vulnerability in the server side includes test script. This issue is due to a failure of the application to properly sanitize user-supplied input. Successful exploitation o...

7AI score
Exploits0
seebug.org
seebug.org
added 2004/07/22 12:0 a.m.20 views

Xitami Web Server Denial of Service Exploit

No description provided by source. if '%1'=='' echo Usage:%0 target port&&goto :eof set PORT=80 if not '%2'=='' set PORT=%2 for %%n in nc.exe do if not exist %%$PATH:n if not exist nc.exe echo Need nc.exe&&goto :eof echo GET / HTTP/1.0http.tmp echo HOST: %1http.tmp echo DOShttp.tmp echo.http.tmp ...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2004/07/22 12:0 a.m.11 views

Xitami Web Server - Denial of Service

Xitami Web Server - Denial of Service if '%1'=='' echo Usage:%0 target port&&goto :eof set PORT=80 if not '%2'=='' set PORT=%2 for %%n in nc.exe do if not exist %%$PATH:n if not exist nc.exe echo Need nc.exe&&goto :eof echo GET / HTTP/1.0http.tmp echo HOST: %1http.tmp echo DOShttp.tmp echo.http.t...

0.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/12/01 12:0 a.m.23 views

Xitami Malformed POST Request Infinite Loop Remote DoS

The remote host is running a vulnerable version of the Xitami web server. It is possible to freeze the remote web server by sending a malformed POST request. This is known to affect Xitami versions 2.5 and earlier. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11934;...

5.6AI score
Exploits0References1
securityvulns
securityvulns
added 2003/11/21 12:0 a.m.30 views

[Full-Disclosure] Xitami Denial of Service in Handling malformed request

Xitami Denial of Service in Handling malformed request ================================================= PROGRAM: Xitami HOMEPAGE: http://www.xitami.com VULNERABLE VERSIONS: 2.5 and below DESCRIPTION ================================================= LiteServe is a very powerful, full-featured,...

7.2AI score
Exploits0
NVD
NVD
added 2002/12/31 5:0 a.m.19 views

CVE-2002-1942

Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or closed early, which allows remote attackers to cause a denial of service crash via a large number of concurrent sessions...

5CVSS6.8AI score0.01697EPSS
Exploits1References4
NVD
NVD
added 2002/12/31 5:0 a.m.18 views

CVE-2002-1965

Cross-site scripting XSS vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the 1 Javascript events, as demonstrated via an onerror event in an IMG SRC tag or 2 User-Agent field in an HTTP GET request...

4.3CVSS5.7AI score0.01733EPSS
Exploits1References3
securityvulns
securityvulns
added 2002/06/17 12:0 a.m.19 views

ALERT: Xitami 2.5b5

I have notified iMatix via [email protected] of multiple flaws in the GSL templates of Xitami 2.5 Beta. The e-mail was sent out today, so I will release technical details later on, but I did want to release a workaround: In defaults.cfg, users can set "use-error-script" in the "Server" section t...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2002/06/17 12:0 a.m.28 views

Xitami GSL problems

No description provided...

1.4AI score
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2002/06/14 12:0 a.m.36 views

Imatix Xitami 2.5 - GSL Template Cross-Site Scripting

source: https://www.securityfocus.com/bid/5025/info Imatix Xitami is a webserver for Microsoft Windows operating systems. It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages. Xitami fails to check URLs for the presence of script commands wh...

7.4AI score
Exploits0
Rows per page
Query Builder