GHSA-CGJV-RGHQ-QHGP Path Traversal in algo-httpserv
Versions of algo-httpserv prior to 1.1.2 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: Upgrade to version 1.1.2 or later...
Directory Traversal
algo-httpserv is vulnerable to directory traversal. A lack of validation in the URI allows a remote attacker to inject ../ characters in the URI to retrieve system files such as /etc/passwd, or potentially cause a system crash by accessing /dev/null...
CVE-2017-17974
BA SYSTEMS BAS Web on BAS920 devices with Firmware 01.01.00, HTTPserv 00002, and Script 02. and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/getsidjs.aspx or isc/getsid.aspx, as demonstrated by obtaining administrative access by subsequently using...