Xitami Webserver stores admin password in clear text.

I am releasing this a bit early as the vendor has been aware of this issue for a while now. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vapid Labs Larry W. Cashdollar Xitami Webserver clear text password storage vulnerability. Date Published: 11/23/2001 Advisory ID: 11232001-02 Title: Xitami...

Advisory for Xitami 2.4d7, 2.5d4

Advisory for Xitami 2.4d7, 2.5d4 Xitami is made by Imatix. Site: http://xitami.com by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0105 /-|=explanation=|- Xitami is a webserver. It has a denial of service. /-|=who is vulnerable=|- Anyone running Xitami 2.5d4, 2.4d7 and...

Re: Denial of Service in Xitami webserver all versions...

Xitami also has an overflow in one of the default example CGI programs that it comes with. http://server.com/cgi-bin/TESTCGI.EXE bla bla bla overflow argv fun. Signed, Marc eEye Digital Security http://www.eEye.com "Its a bullshit, three ring, circus sideshow. The only way to fix it is to flush i...

Denial of Service in Xitami webserver all versions up to v2.5b1 for Windows.

Anyone can remotely crash Xitami webserver by sending simple GET command. On remote side will be: Assertion Failed! Module: D:ImatixDevelopSmtSmthttpl.c , line 745 All you need to do is just telnet to remote computer and execute GETspaceenterenter command. Also Xitami will crash if you'll execute...