70 matches found
CVE-2004-0465
OpenConnect WebConnect (WebConnect 6.4.4, 6.5 and possibly earlier) is vulnerable to a read-only directory traversal in the jretest.html page. By sending a crafted request that abuses the WCP_USER parameter (using ..// sequences), an attacker can read INI-style files outside the webroot and view ...
CVE-2004-0466
The CVE-2004-0466 issue affects OpenConnect WebConnect (Windows) versions 6.4.4 and 6.5 (and possibly earlier). A denial-of-service vulnerability occurs when an HTTP request URL contains an MS-DOS device name (AUX, CON, PRN, COM1, LPT1); the server may stop responding to further requests, causing...
CVE-2004-0465
Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCPUSER parameter...
WebConnect Multiple Remote Vulnerabilities (deprecated)
Binary data 2639.prm...
[Full-Disclosure] The WebConnect 6.4.4 and 6.5 contains several vulnerabilities
The WebConnect 6.4.4 and 6.5 contains several vulnerabilities such as: - Denial of Service when requesting an DOS Device in Path Name - Reading of files outside webroot Directory traversal Requesting "DOS Device in Path Name" Denial of Service When requesting a DOS device in the URL the server wi...
OpenConnect WebConnect 6.46.5 - jretest.html Traversal Arbitrary File Access
OpenConnect WebConnect 6.46.5 - jretest.html Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/12613/info OpenConnect WebConnect is reported prone to multiple vulnerabilities. The following individual issues are reported: WebConnect is reported prone to a remote denial of...
OpenConnect Webconnect read-only directory traversal vulnerability in jretest.html
Overview OpenConnect Webconnect contains a read-only directory traversal vulnerability in the file jretest.html. Description OpenConnect Webconnect provides secured web access and emulation services for backend mainframes and UNIX servers. Versions of Webconnect prior to 6.4.5 and 6.5.1 running o...
OpenConnect Webconnect MS-DOS device name denial-of-service
Overview OpenConnect WebConnect may stop responding after processing an HTTP request with an MS-DOS device name in it. Description OpenConnect Webconnect provides secured web access and emulation services for backend mainframes and UNIX servers. Versions of Webconnect prior to 6.4.5 and 6.5.1...
CVE-2004-0465
Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCPUSER parameter...
CVE-2004-0466
WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote attackers to cause a denial of service hang via a URL containing an MS-DOS device name such as 1 AUX, 2 CON, 3 PRN, 4 COM1, or 5 LPT1...