
CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content.
• https://www.exploit-db.com/exploits/30222
• http://osvdb.org/36340
• http://osvdb.org/37506
• http://securityreason.com/securityalert/2823
• http://www.securityfocus.com/archive/1/471915/100/0/threaded
• http://www.securityfocus.com/bid/24583
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34975

CVSS: 7.8 | EPSS: 3% | CPEs: 1 | EXPL: 1

MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI.
• https://www.exploit-db.com/exploits/30219
• http://osvdb.org/37505
• http://secunia.com/advisories/25754
• http://securityreason.com/securityalert/2827
• http://www.securityfocus.com/archive/1/471914/100/0/threaded
• http://www.securityfocus.com/bid/24571
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34977
• CWE-178: Improper Handling of Case Sensitivity

CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 1

Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP GET request.
• http://archives.neohapsis.com/archives/bugtraq/2002-12/0092.html
• http://www.securityfocus.com/bid/6359
• https://exchange.xforce.ibmcloud.com/vulnerabilities/10827
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')