VYPR

HTTP Commander

by HTTP Commander

CVEs (3)

  • CVE-2003-1166Dec 31, 2003
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter.

  • CVE-2007-0583Jan 30, 2007
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The…

  • CVE-2003-1168Dec 31, 2003
    risk 0.00cvss epss 0.02

    HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . (dot) in the file parameter, which reveals the installation path in an error message.