RaQ
by Cobalt
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-0347 | 0.01 | — | 0.08 | Jun 25, 2002 | Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request. | |||
| CVE-2002-0346 | 0.01 | — | 0.12 | Jun 25, 2002 | Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi. | |||
| CVE-2002-0348 | 0.00 | — | 0.06 | Jun 25, 2002 | service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument. | |||
| CVE-1999-1530 | 0.00 | — | 0.00 | Nov 8, 1999 | cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system. | |||
| CVE-1999-0408 | 0.00 | — | 0.00 | Feb 25, 1999 | Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server. |
- CVE-2002-0347Jun 25, 2002risk 0.01cvss —epss 0.08
Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.
- CVE-2002-0346Jun 25, 2002risk 0.01cvss —epss 0.12
Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi.
- CVE-2002-0348Jun 25, 2002risk 0.00cvss —epss 0.06
service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument.
- CVE-1999-1530Nov 8, 1999risk 0.00cvss —epss 0.00
cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.
- CVE-1999-0408Feb 25, 1999risk 0.00cvss —epss 0.00
Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.