12 matches found
CVE-2020-13228
CVE-2020-13228 affects Sysax Multi Server 6.90. The issue is a reflected Cross-Site Scripting vulnerability via the /scgi sid parameter, caused by insufficient validation in the web application. It allows execution of client-side scripts in a victim’s browser. Public references include a PoC/expl...
CVE-2024-53459
Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter. This CVE (CVE-2024-53459) is documented across multiple sources (NVD, Red Hat, CNVD, CVE listing, etc.) with no explicit exploit details or mitigation guidance provided in the connected records. The v...
CVE-2009-4790
CVE-2009-4790 concerns Sysax Multi Server 4.5, where multiple directory traversal vulnerabilities allow remote authenticated users to read or modify arbitrary files via crafted FTP commands. The description notes that provenance is unknown and details come from third‑party information. All connec...
CVE-2020-13227
CVE-2020-13227 concerns Sysax Multi Server 6.90. The vulnerability arises in the web server component where triggering an invalid path permission error bypasses the fakepath protection, allowing an attacker to determine the username under which the server is running. Affected product: Sysax Multi...
CVE-2020-13229
Sysax Multi Server 6.90 is affected by CVE-2020-13229, where an attacker can hijack a session by observing the sid authentication token in any /scgi URI. The vulnerability directly exposes session confidentiality and integrity, as the sid value acts as an authentication token. NVD reports CVSS v3...
CVE-2024-53458
Sysax Multi Server 6.99 is affected by a denial-of-service (DoS) condition when processing specially crafted SSH packets. The issue affects Sysax Multi Server 6.99 (no other versions are confirmed here) and is evidenced by CVE-2024-53458 with a CVSSv3.1 base score of 7.5 (Network attack, low comp...
CVE-2009-4800
The CVE-2009-4800 entry describes a directory traversal vulnerability in Sysax Multi Server versions 4.3 and 4.5. It allows remote authenticated users to delete arbitrary files via a “..//” sequence in a DELE command, indicating a flaw in path handling during FTP-like file operations. The availa...
CVE-2020-23574
Sysax Multi Server 6.90 is affected. An authenticated user can modify the filename="" parameter in the uploadfile_name1.htm upload form to reach 368+ bytes, triggering a buffer overflow that causes the application to crash. The root cause is an overflow in handling long filenames during file upload. N...
CVE-2012-6530
CVE-2012-6530 is a stack-based buffer overflow in Sysax Multi Server prior to 5.52 (HTTP enabled) that allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted request. Public exploit paths exist (e.g., Exploit-DB, Metasploit module for Sysax 5.6...
CVE-2012-10060
Sysax Multi Server before 5.55 is vulnerable to a stack-based buffer overflow in its SSH service when a remote attacker supplies an overly long username during authentication. The input is copied into a fixed-size stack buffer without proper bounds checking, enabling remote code execution under t...
CVE-2013-10065
CVE-2013-10065 affects Sysax Multi-Server 6.10 SSHD. A specially crafted SSH key exchange packet can crash the service, causing denial of service. The flaw is triggered by malformed key exchange data, including a non‑standard byte (0x28) replacing the SSH protocol delimiter. Multiple sources (NVD...
CVE-2023-54337
CVE-2023-54337 affects Sysax Multi Server 6.95. The vulnerability resides in the administrative password field, where an attacker can supply 800 repeating characters, leading to an application crash and denial of service. This is a DoS condition that disrupts server functionality. Evidence from m...