602pro Lan Suite
by Software602
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-1423 | | | 0.03 | — | 0.03 | | May 3, 2005 | Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequences in the A parameter. |
| CVE-2005-0344 | | | 0.03 | — | 0.03 | | May 2, 2005 | Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allows remote authenticated users to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. |
| CVE-2004-0337 | | | 0.03 | — | 0.02 | | Nov 23, 2004 | Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be… |
| CVE-2002-2174 | | | 0.03 | — | 0.02 | | Dec 31, 2002 | The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number of outstanding connections to the local host, which allows remote attackers to create a denial of service (memory consumption) via a large number of connections. |
| CVE-2007-3203 | | | 0.00 | — | 0.04 | | Jun 12, 2007 | Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address. NOTE: the provenance of this information is unknown; the details are obtained… |
| CVE-2005-1909 | | | 0.00 | — | 0.01 | | Jun 9, 2005 | The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a "<!-" sequence in an HTTP GET request in the logon, possibly due to a cross-site scripting (XSS) vulnerability. |
| CVE-2004-1502 | | | 0.00 | — | 0.01 | | Dec 31, 2004 | The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (socket exhaustion) via a Telnet request to an IP address of the proxy's network interface, which causes a loop. |
| CVE-2004-1501 | | | 0.00 | — | 0.01 | | Dec 31, 2004 | The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) by sending a POST request with a large Content-Length value, then disconnecting without sending that amount of data. |
| CVE-2004-0335 | | | 0.00 | — | 0.01 | | Nov 23, 2004 | LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/. |
| CVE-2004-0336 | | | 0.00 | — | 0.02 | | Nov 23, 2004 | LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory. |
| CVE-2002-1928 | | | 0.00 | — | 0.01 | | Dec 31, 2002 | 602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension. |
| CVE-2002-2152 | | | 0.00 | — | 0.02 | | Dec 31, 2002 | The Czech edition of Software602's Web Server before 2002.0.02.0916 allows remote attackers to gain administrator privileges via direct HTTP requests to the /admin/ directory, which is not password protected. |
| CVE-2001-0448 | | | 0.00 | — | 0.01 | | Jun 18, 2001 | Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service via an HTTP GET request to the aux directory, and possibly other directories with legacy DOS device names. |
| CVE-2001-0447 | | | 0.00 | — | 0.02 | | Jun 18, 2001 | Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters. |
| CVE-2000-1115 | | | 0.00 | — | 0.02 | | Jan 9, 2001 | Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. |