9 matches found
CVE-2005-1416
The CVE-2005-1416 entry concerns 04WebServer 1.81 with a directory traversal vulnerability that lets remote attackers read files outside the web root but inside the installation folder. The issue is remote, of low attack complexity, and does not require authentication (per CVSS metrics: AV NETWOR...
CVE-2002-2216
CVE-2002-2216 affects Soft3304 04WebServer prior to 1.20. The issue is a flaw in how URL strings are processed, enabling remote attackers to obtain unspecified sensitive information. The connected documents do not provide a concrete fix or remediation steps. No exploitation details are documented...
CVE-2004-2661
Soft3304 04WebServer before 1.41 fails to properly validate requested file names, allowing remote attackers to obtain CGI source code. The issue is network-exploitable and leads to partial information disclosure (CGI source). No exploitation details or official fixes are provided in the supplied ...
CVE-2004-1512
CVE-2004-1512 affects 04WebServer 1.42 via an XSS in Response_default.html. The vulnerability allows remote attackers to execute arbitrary script/HTML because URL script code is not quoted in the resulting default error page. Connected documents confirm this as the issue, but do not provide explo...
CVE-2004-2662
The CVE-2004-2662 entry concerns Soft3304 04WebServer prior to 1.41. The vulnerability is a denial of service: sending certain data related to OpenSSL can cause a thread to terminate while resources remain allocated, potentially leading to resource exhaustion. Publicly available details are limit...
CVE-2004-1513
The CVE-2004-1513 entry concerns 04WebServer 1.42, where log-writing data is not properly filtered, allowing remote attackers to inject carriage return characters and spoof log entries. The issue affects the logging component, enabling log tampering without affecting other content. The provided s...
CVE-2006-4199
CVE-2006-4199 describes a cross-site scripting (XSS) vulnerability in Soft3304 04WebServer, affected versions 1.83 and earlier. The root cause is that user-supplied URL content is not properly sanitized before being echoed in an error page, allowing an attacker to inject arbitrary web script or H...
CVE-2004-1514
04WebServer 1.42 is affected by a DoS vulnerability triggered by an HTTP request for an MS-DOS device name (e.g., COM2), causing the server to fail to restart properly. The CVE entry notes a partial availability impact. No additional exploit details or fixes are provided in the connected documents.
CVE-2006-4200
This CVE (CVE-2006-4200) affects 04WebServer 1.83 and earlier. A vulnerability in request processing allows remote attackers to bypass user authentication, potentially enabling access to server files without credentials. The JVN entry confirms a directory traversal-style bypass of authentication ...