CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3364 – MyServer 0.9.8 - Post.MSCGI Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3364
Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la página de muestra cgi-bin/post.mscgi de MyServer 0.8.9 permite a atacantes remotos inyectar scripts web o HTML de su elección mediante el contenido del cuerpo (body). • https://www.exploit-db.com/exploits/30222 http://osvdb.org/36340 http://osvdb.org/37506 http://securityreason.com/securityalert/2823 http://www.securityfocus.com/archive/1/471915/100/0/threaded http://www.securityfocus.com/bid/24583 https://exchange.xforce.ibmcloud.com/vulnerabilities/34975 •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 1CVE-2007-3365 – MyServer 0.8.9 - Filename Parse Error Information Disclosure
https://notcve.org/view.php?id=CVE-2007-3365
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI. MyServer 0.8.9 y versiones anteriores no gestiona apropiadamente los caracteres en mayúsculas en la extensiones de fichero, lo cual permite a atacantes remotos obtener información confidencial (código fuente de scripts) mediante una extensión modificada, como se demuestra con post.mscgI. • https://www.exploit-db.com/exploits/30219 http://osvdb.org/37505 http://secunia.com/advisories/25754 http://securityreason.com/securityalert/2827 http://www.securityfocus.com/archive/1/471914/100/0/threaded http://www.securityfocus.com/bid/24571 https://exchange.xforce.ibmcloud.com/vulnerabilities/34977 • CWE-178: Improper Handling of Case Sensitivity •
CVSS: 7.8EPSS: 4%CPEs: 2EXPL: 0CVE-2007-2414
https://notcve.org/view.php?id=CVE-2007-2414
MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors. MyServer anterior a 0.8.8 permite a atacantes remotos provocar una denegación de servicio a través de vectores no identificados. • http://osvdb.org/35469 http://secunia.com/advisories/25026 http://sourceforge.net/project/shownotes.php?release_id=504709&group_id=63119 http://www.myserverproject.net/forum/viewtopic.php?t=1659&sid=ab6d273497a064cd3ed7a83d1c44a70a http://www.securityfocus.com/bid/23716 http://www.vupen.com/english/advisories/2007/1589 https://exchange.xforce.ibmcloud.com/vulnerabilities/33971 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-1588
https://notcve.org/view.php?id=CVE-2007-1588
server.cpp in MyServer 0.8.5 calls Process::setuid before calling Process::setgid and thus does not properly drop privileges, which might allow remote attackers to execute CGI programs with unintended privileges. server.cpp en el MyServer 0.8.5 llama al Process::setuid antes de llamar al rocess::setgid con lo que no se eliminan los privilegios adecuadamente. Esto permite a atacantes remotos ejecutar programas CGI con privilegios imprevistos. • http://osvdb.org/34521 http://sourceforge.net/mailarchive/forum.php?thread_id=31631045&forum_id=47875 http://www.myserverproject.net/news.php •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2005-1659
https://notcve.org/view.php?id=CVE-2005-1659
Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event. • http://cvs.sourceforge.net/viewcvs.py/myserverweb/myserverweb/source/filemanager.cpp?rev=1.116&view=log http://secunia.com/advisories/15274 •