Codeorigin Sysax Multi Server Denial of Service Vulnerability
Codeorigin Sysax Multi Server is an FTP (File Transfer Protocol) server and Shell server for Windows from Codeorigin USA. A cross-site scripting vulnerability exists in Codeorigin Sysax Multi Server version 6.90. The vulnerability stems from the web application's lack of proper validation of client...
CVE-2020-23574
When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="" parameter in the uploadfilename1.htm form to a length of 368 or more bytes. This will create a buffer overflow condition, causing the application to crash...
Buffer overflow
When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="" parameter in the uploadfilename1.htm form to a length of 368 or more bytes. This will create a buffer overflow condition, causing the application to crash...
CVE-2020-23574
Sysax Multi Server 6.90 is affected. An authenticated user can modify the filename="" parameter in the uploadfile_name1.htm upload form to reach 368+ bytes, triggering a buffer overflow that causes the application to crash. Root cause is an overflow in handling long filenames during file upload. N...
Codeorigin Sysax Multi Server Authorization Issues Vulnerability
Codeorigin Sysax Multi Server is an FTP (File Transfer Protocol) server and Shell server for Windows from Codeorigin USA. An authorization issue vulnerability exists in Codeorigin Sysax Multi Server version 6.90. The vulnerability can be exploited by an attacker to access other user sessions with t...
CVE-2020-13229
An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token...
CVE-2020-13228
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter...
CVE-2020-13227
An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username under which the web server is running by triggering an invalid path permission error. This bypasses the fakepath protection mechanism...
Authentication flaw
An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token...
Cross site scripting
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter...
Design/Logic Flaw
An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username under which the web server is running by triggering an invalid path permission error. This bypasses the fakepath protection mechanism...
CVE-2020-13227
CVE-2020-13227 concerns Sysax Multi Server 6.90. The vulnerability arises in the web server component where triggering an invalid path permission error bypasses the fakepath protection, allowing an attacker to determine the username under which the server is running. Affected product: Sysax Multi...
CVE-2020-13228
CVE-2020-13228 affects Sysax Multi Server 6.90. The issue is a reflected Cross-Site Scripting vulnerability via the /scgi sid parameter, caused by insufficient validation in the web application. It allows execution of client-side scripts in a victim’s browser. Public references include a PoC/expl...
CVE-2020-13229
Sysax Multi Server 6.90 is affected by CVE-2020-13229, where an attacker can hijack a session by observing the sid authentication token in any /scgi URI. The vulnerability directly exposes session confidentiality and integrity, as the sid value acts as an authentication token. NVD reports CVSS v3...
Sysax Multi Server Denial of Service Vulnerability
Sysax Multi Server is an SSH2 and FTP server for Windows. A denial of service vulnerability exists in Sysax Multi Server. An attacker could exploit the vulnerability to crash the program...