7 results (0.025 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the ulang parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS)en RaidenHTTPD 2.0.19 y versiones anteriores permite a atacantes remotos inyectar a su elección secuencias de comandos web o HTML mediante vectores no especificados relacionadas con el parámetro ulang. • http://jvn.jp/jp/JVN%2391868305/index.html http://secunia.com/advisories/28770 http://www.raidenhttpd.com/jp/security.html http://www.securityfocus.com/bid/27628 http://www.vupen.com/english/advisories/2008/0411 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 3

Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter. Vulnerabilidad de salto de directorio en raidenhttpd-admin/workspace.php en RaidenHTTPD 2.0.19, cuando la función WebAdmin está activada, permite a atacantes remotos incluir y ejecutar archivos locales de su elección a través de la secuencia .. (punto punto) en el parámetro ulang. • https://www.exploit-db.com/exploits/4747 http://jvn.jp/jp/JVN%2390438169/index.html http://retrogod.altervista.org/rgod_raidenhttpdudo.html http://secunia.com/advisories/28143 http://securityreason.com/securityalert/3460 http://www.osvdb.org/39228 http://www.raidenhttpd.com/jp/security.html http://www.securityfocus.com/archive/1/485221/100/0/threaded http://www.securityfocus.com/bid/26903 http://www.vupen.com/english/advisories/2007/4244 https://exchange.xforce.ibmcloud.co • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en RaidenHTTPD versiones anteriores a 2.0.14 permite a atacantes remotos inyectar scripts web o HTML de su elección mediante vectores no especificados. • http://jvn.jp/jp/JVN%2390438169/index.html http://osvdb.org/36369 http://secunia.com/advisories/25752 http://www.raidenhttpd.com/jp/security.html http://www.securityfocus.com/bid/24568 http://www.securitytracker.com/id?1018283 http://www.vupen.com/english/advisories/2007/2283 https://exchange.xforce.ibmcloud.com/vulnerabilities/34961 •

CVSS: 5.1EPSS: 8%CPEs: 3EXPL: 2

PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter. Vulnerabilidad PHP de inclusión remota de archivo en raidenhttpd-admin/slice/check.php en RaidenHTTPD 1.1.49, cuando register_globals y WebAdmin están habilitadas, permite a un atacante remoto ejecutar código PHP de su elección a través de una URL en el parámetro SoftParserFileXml. • https://www.exploit-db.com/exploits/2328 http://secunia.com/advisories/21833 http://www.securityfocus.com/bid/19918 http://www.vupen.com/english/advisories/2006/3542 https://exchange.xforce.ibmcloud.com/vulnerabilities/28821 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters. RaidenHTTPD 1.1.47 permite a atacantes remotos obtener el código fuente de ficheros de guiones, incuyendo PHP, mediante peticiones artesanales conllevando caracteres (1) "." (punto), (2) espacio, y (3) "/" (barra). • http://secunia.com/advisories/19032 http://secunia.com/secunia_research/2006-15/advisory http://www.osvdb.org/23616 http://www.securityfocus.com/bid/16934 http://www.vupen.com/english/advisories/2006/0807 https://exchange.xforce.ibmcloud.com/vulnerabilities/25037 •