3 matches found
Buffer overflow
When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="" parameter in the uploadfilename1.htm form to a length of 368 or more bytes. This will create a buffer overflow condition, causing the application to crash...
Design/Logic Flaw
An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username under which the web server is running by triggering an invalid path permission error. This bypasses the fakepath protection mechanism...
CVE-2020-13228
CVE-2020-13228 affects Sysax Multi Server 6.90. The issue is a reflected Cross-Site Scripting vulnerability via the /scgi sid parameter, caused by insufficient validation in the web application. It allows execution of client-side scripts in a victim’s browser. Public references include a PoC/expl...