
CVSS: 5.0 | EPSS: 0% | CPEs: 3 | EXPL: 1

VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
• http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html
• http://marc.info/?l=bugtraq&m=105733894003737&w=2
• http://www.krusesecurity.dk/advisories/vis0103.txt
• http://www.securityfocus.com/bid/8075
• https://exchange.xforce.ibmcloud.com/vulnerabilities/12483
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 | EPSS: 1% | CPEs: 1 | EXPL: 0

Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service (crash) via a long HTTP OPTIONS request.
• http://archives.neohapsis.com/archives/bugtraq/2002-12/0101.html
• http://www.securityfocus.com/bid/6364
• https://exchange.xforce.ibmcloud.com/vulnerabilities/10840
• CWE-399: Resource Management Errors

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 3

Cross-site scripting (XSS) vulnerability in VisNetic WebSite before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page.
• https://www.exploit-db.com/exploits/22083
• http://archives.neohapsis.com/archives/bugtraq/2002-12/0113.html
• http://www.deerfield.com/products/visnetic_website
• http://www.securityfocus.com/bid/6369
• https://exchange.xforce.ibmcloud.com/vulnerabilities/10852
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')