CVE-2012-4871 – Litespeed Web Server - 'gtitle' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4871
Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en rvice/graph_html.php en el panel de administrador en LiteSpeed ??Web Server v4.1.11 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro gtitle • https://www.exploit-db.com/exploits/37947 http://k1p0d.com/?p=25 http://packetstormsecurity.org/files/110974/LiteSpeed-4.1.11-Cross-Site-Scripting.html http://secunia.com/advisories/48400 https://exchange.xforce.ibmcloud.com/vulnerabilities/74144 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-2333 – Litespeed Technologies - Web Server Remote Poison Null Byte
https://notcve.org/view.php?id=CVE-2010-2333
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension. LiteSpeed Technologies LiteSpeed Web Server v4.0.x anteriores a 4.0.15 permite a atacantes remotos leer el código fuente de los scripts a través de una petición HTTP con un byte null seguido de una extensión .txt. • https://www.exploit-db.com/exploits/13850 http://osvdb.org/65476 http://seclists.org/fulldisclosure/2010/Jun/288 http://secunia.com/advisories/40128 http://www.exploit-db.com/exploits/13850 http://www.litespeedtech.com/latest/litespeed-web-server-4.0.15-released.html http://www.litespeedtech.com/support/forum/showthread.php?t=4078 http://www.securityfocus.com/bid/40815 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2004-0112
https://notcve.org/view.php?id=CVE-2004-0112
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. El código que une SSL/TLS en OpenSSL 0.9.7a, 0.9.7b y 0.9.7c, usando Kerberos, no comprueba adecuadamente la longitud de los tickets de Kerberos, lo que permite que atacantes remotos provoquen una denegación de servicio. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/mhonarc/security-announce/msg00045.html http: • CWE-125: Out-of-bounds Read •