154 matches found
CVE-2020-13227
An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username under which the web server is running by triggering an invalid path permission error. This bypasses the fakepath protection mechanism...
CVE-2020-13227
An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username under which the web server is running by triggering an invalid path permission error. This bypasses the fakepath protection mechanism...
CVE-2020-13229
An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token...
Authentication flaw
An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token...
Cross site scripting
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter...
Design/Logic Flaw
An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username under which the web server is running by triggering an invalid path permission error. This bypasses the fakepath protection mechanism...
CVE-2020-13227
CVE-2020-13227 concerns Sysax Multi Server 6.90. The vulnerability arises in the web server component where triggering an invalid path permission error bypasses the fakepath protection, allowing an attacker to determine the username under which the server is running. Affected product: Sysax Multi...
CVE-2020-13228
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter...
CVE-2020-13228
CVE-2020-13228 affects Sysax Multi Server 6.90. The issue is a reflected Cross-Site Scripting vulnerability via the /scgi sid parameter, caused by insufficient validation in the web application. It allows execution of client-side scripts in a victim’s browser. Public references include a PoC/expl...
CVE-2020-13229
An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token...
CVE-2020-13229
Sysax Multi Server 6.90 is affected by CVE-2020-13229, where an attacker can hijack a session by observing the sid authentication token in any /scgi URI. The vulnerability directly exposes session confidentiality and integrity, as the sid value acts as an authentication token. NVD reports CVSS v3...
Sysax Multi Server Denial of Service Vulnerability
Sysax Multi Server is an SSH2 and FTP server for Windows. A denial of service vulnerability exists in Sysax Multi Server. An attacker could exploit the vulnerability to crash the program...
Sysax Multi Server 5.50 - Denial of Service (PoC)
Sysax Multi Server 5.50 - Denial of Service PoC Exploit Title: Sysax Multi Server 5.50 - Denial of Service PoC Google Dork: NA Date: 2020-01-20 Exploit Author: Shailesh Kumavat Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download.htmsysaxserv Version: Sysax Multi...
Sysax Multi Server 5.50 Denial Of Service
Exploit Title: Sysax Multi Server 5.50 - Denial of Service PoC Google Dork: NA Date: 2020-01-20 Exploit Author: Shailesh Kumavat Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download.htmsysaxserv Version: Sysax Multi Server 5.50 Tested on: WIndow 7 CVE : if...
Sysax Multi Server 5.50 - Denial of Service Exploit
Exploit Title: Sysax Multi Server 5.50 - Denial of Service PoC Exploit Author: Shailesh Kumavat Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download.htmsysaxserv Version: Sysax Multi Server 5.50 Tested on: WIndow 7 CVE : if applicable 1 Download software install i...
Sysax Multi Server 5.50 - Denial of Service (PoC)
Exploit Title: Sysax Multi Server 5.50 - Denial of Service PoC Google Dork: NA Date: 2020-01-20 Exploit Author: Shailesh Kumavat Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download.htmsysaxserv Version: Sysax Multi Server 5.50 Tested on: WIndow 7 CVE : if...
Sysax Multi Server 6.50 - HTTP File Share SEH Overflow RCE Exploit
No description provided by source...
Sysax Multi Server 6.50 远程代码执行漏洞
No description provided by source...
Sysax Multi Server 6.50 - HTTP File Share Overflow Remote Code Execution (SEH)
Sysax Multi Server 6.50 - HTTP File Share Overflow Remote Code Execution SEH Exploit Title: Sysax Multi Server 6.50 HTTP File Share SEH Overflow RCE Exploit Date: 03/21/2016 Exploit Author: Paul Purcell Contact: ptpxploit at gmail Vendor Homepage: http://www.sysax.com/ Vulnerable Version Download...
Sysax Multi Server 6.50 SEH Overflow
Exploit Title: Sysax Multi Server 6.50 HTTP File Share SEH Overflow RCE Exploit Date: 03/21/2016 Exploit Author: Paul Purcell Contact: ptpxploit at gmail Vendor Homepage: http://www.sysax.com/ Vulnerable Version Download: http://download.cnet.com/Sysax-Multi-Server/3000-21604-76171493.html 6.50 a...