4 matches found
CVE-2014-7262
CVE-2014-7262 is a stored cross-site scripting (XSS) flaw in the Omake BBS component of the i-HTTPD web server. The flaw arises from improper processing of input character strings, enabling remote attackers to inject arbitrary script/HTML via crafted input (CWE-79). Impact is that an arbitrary sc...
CVE-2014-7260
CVE-2014-7260 affects ULTRAPOP.JP i-HTTPD's File Upload BBS, where the Server Side Includes (SSI) implementation processes directives in uploaded files. The root cause is SSI handling that allows remote attackers to execute arbitrary commands by uploading crafted files containing SSI directives. ...
CVE-2014-7263
CVE-2014-7263 : i-HTTPD (Windows) contains a flaw in processing HTTP headers that enables cross‑site scripting via a crafted header. The vulnerability allows a remote attacker to induce arbitrary script execution in a user’s browser. The JVN entry notes this is a separate issue from CVE-2014-7261...
CVE-2014-7261
CVE-2014-7261 affects i-HTTPD (Windows) via a flaw in processing the HTTP header that can lead to cross-site scripting (CWE-79). The connected JVN entry explicitly documents an XSS in the HTTP header handling and notes that this vulnerability is distinct from CVE-2014-7263 (directory-index render...