6 matches found
CVE-2001-0303
Pi3Web 1.0.1 isapi: tstisapi.dll leakage allows remote attackers to determine the server’s physical path by requesting a non-existent file, an information disclosure vulnerability. The Nessus plugin additionally notes that the /isapi/tstisapi.dll CGI has a well-known flaw that can allow arbitrary...
CVE-2001-0302
Pi3Web 1.0.1 is vulnerable via the ISAPI extension tstisapi.dll. A buffer overflow triggered by a long URL allows remote attackers to cause denial of service and potentially execute arbitrary commands; the CGI runs with the HTTP service privileges and can disclose the web-root path. Remediation m...
CVE-2002-0142
Pi3Web CGI handler in Windows 2.0 beta 1/2 is vulnerable to a denial of service through very long CGI parameters; vendors indicate FIX in Pi3Web
CVE-2003-0276
Pi3Web 2.0.1 is affected by CVE-2003-0276 due to a buffer overflow triggered by a GET request containing a large number of forward slashes, allowing remote DoS and potentially arbitrary code execution. The Nessus plugin corroborates an HTTP GET overflow and suggests upgrading to Pi3Web 2.0.2 beta...
CVE-2003-1032
CVE-2003-1032 affects Pi3Web web server 2.0.2 Beta 1: when Directory Index is set to the Name column and sorted by the column title as a hyperlink, a malformed URL can cause a remote denial of service (crash), possibly involving a buffer overflow. No further exploit details or fixes are provided ...
CVE-2002-0433
The CVE-2002-0433 entry concerns Pi3Web 2.0.0 where remote attackers can view restricted files by issuing an HTTP request containing a wildcard character ("*"). This is an unauthorized disclosure vulnerability via crafted requests, as described in NVD and CVE records. Connected documents confirm ...