5 matches found
CVE-2010-2333
LiteSpeed Web Server 4.0.x prior to 4.0.15 is affected by CVE-2010-2333: an HTTP request containing a null byte followed by .txt can disclose the source code of scripts. This vulnerability enables an attacker to read server-side script sources, potentially exposing sensitive information. Impact i...
CVE-2004-0112
The CVE-2004-0112 issue affects OpenSSL 0.9.7a/b/c: during the SSL/TLS handshake, the Kerberos ciphersuite path fails to validate the Kerberos ticket length, enabling a remote attacker to cause a denial-of-service by triggering an out-of-bounds read. Public sources in connected documents confirm ...
CVE-2012-4871
CVE-2012-4871 affects LiteSpeed Web Server 4.1.11, with an XSS in the administrator panel via the gtitle parameter of service/graph_html.php. The vulnerability allows remote attackers to inject arbitrary web scripts/HTML. Documents do not provide exploitation details or a confirmed patch; remedia...
CVE-2025-54939
CVE-2025-54939 affects the LiteSpeed QUIC (LSQUIC) Library prior to 4.3.1, where a memory leak in the lsquic_engine_packet_in path can cause linear memory growth and potential DoS. The vulnerability is triggered by mis-handling coalesced QUIC Initial packets before a handshake, leading to memory ...
CVE-2026-31386
OpenLiteSpeed and LSWS Enterprise (LiteSpeed Technologies) are affected by CVE-2026-31386, an OS command injection (CWE-78). The vulnerability allows an arbitrary OS command to be executed by an attacker with administrative privileges. Public sources corroborate impact as arbitrary command execut...