Lucene search
K
UltrapopI-httpd

4 matches found

CVE
CVE
added 2014/12/12 12:0 a.m.54 views

CVE-2014-7262

CVE-2014-7262 is a stored cross-site scripting (XSS) flaw in the Omake BBS component of the i-HTTPD web server. The flaw arises from improper processing of input character strings, enabling remote attackers to inject arbitrary script/HTML via crafted input (CWE-79). Impact is that an arbitrary sc...

4.3CVSS5.8AI score0.01773EPSS
CVE
CVE
added 2014/12/12 12:0 a.m.46 views

CVE-2014-7260

CVE-2014-7260 affects ULTRAPOP.JP i-HTTPD's File Upload BBS, where the Server Side Includes (SSI) implementation processes directives in uploaded files. The root cause is SSI handling that allows remote attackers to execute arbitrary commands by uploading crafted files containing SSI directives. ...

7.5CVSS7.8AI score0.02103EPSS
CVE
CVE
added 2014/12/12 12:0 a.m.45 views

CVE-2014-7263

CVE-2014-7263 : i-HTTPD (Windows) contains a flaw in processing HTTP headers that enables cross‑site scripting via a crafted header. The vulnerability allows a remote attacker to induce arbitrary script execution in a user’s browser. The JVN entry notes this is a separate issue from CVE-2014-7261...

4.3CVSS5.7AI score0.01502EPSS
CVE
CVE
added 2014/12/12 12:0 a.m.41 views

CVE-2014-7261

CVE-2014-7261 affects i-HTTPD (Windows) via a flaw in processing the HTTP header that can lead to cross-site scripting (CWE-79). The connected JVN entry explicitly documents an XSS in the HTTP header handling and notes that this vulnerability is distinct from CVE-2014-7263 (directory-index render...

4.3CVSS5.6AI score0.01148EPSS