30 matches found
CVE-2007-2266
Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/cpyfile.p in the WService parameter to 1 cgiip.exe or 2 wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName...
CVE-2007-2266
Progress Webspeed Messenger is affected by a vulnerability where an attacker can remotely read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated through the save, editor options usin...
webspeed-exec.txt
Because of a flaw in cpyfile.p which is a default installed file it is possible to gain full control of a machine running Progress Webspeed Messenger. You can access, change and edit allmost any file on the server running the Webspeed Messenger even when the workshop is disabled. First you have t...
Progress Webspeed exploit for all releases
Because of a flaw in cpyfile.p which is a default installed file it is possible to gain full control of a machine running Progress Webspeed Messenger. You can access, change and edit allmost any file on the server running the Webspeed Messenger even when the workshop is disabled. First you have t...
Progress 3.1 - Webspeed _CPYFile.P Unauthorized Access
Progress 3.1 - Webspeed CPYFile.P Unauthorized Access source: https://www.securityfocus.com/bid/23634/info Progress WebSpeed is prone to a vulnerability that lets attackers gain unauthorized access to and execute administrative scripts. An attacker may leverage this issue to create and execute...
Progress 3.1 - Webspeed _CPYFile.P Unauthorized Access
source: https://www.securityfocus.com/bid/23634/info Progress WebSpeed is prone to a vulnerability that lets attackers gain unauthorized access to and execute administrative scripts. An attacker may leverage this issue to create and execute malicious WebSpeed code on the host running the webserve...
CVE-2000-0127
CVE-2000-0127 affects Webspeed: the configuration program fails to disable access to the WSMadmin utility, enabling remote attackers to gain privileges via wsisa.dll. The vulnerability is triggered by unauthenticated access to the WSMadmin component, potentially allowing an attacker to take contr...
CVE-2000-0127
The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll...
WebSpeed Messenger Administration Utility Unauthenticated Access
The remote web server appears to be using Webspeed, a website creation language used with database-driven websites. The version of Webspeed installed on the remote host allows anonymous access to the 'WSMadmin' utility, which is used configure Webspeed. An attacker can exploit this issue to gain...
CVE-2000-0127
The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll...