VYPR
Vendor

Myserverweb

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2007-3365HigJun 22, 2007
    risk 0.52cvss 7.5epss 0.06

    MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI.

  • CVE-2004-2516Dec 31, 2004
    risk 0.04cvss epss 0.08

    Directory traversal vulnerability in myServer 0.7 allows remote attackers to list arbitrary directories via an HTTP GET command with a large number of "./" sequences followed by "../" sequences.

  • CVE-2008-5160Nov 18, 2008
    risk 0.03cvss epss 0.03

    Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other methods, related to a "204 No Content error."

  • CVE-2007-3364Jun 22, 2007
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content.

  • CVE-2007-1588Mar 21, 2007
    risk 0.00cvss epss 0.01

    server.cpp in MyServer 0.8.5 calls Process::setuid before calling Process::setgid and thus does not properly drop privileges, which might allow remote attackers to execute CGI programs with unintended privileges.

  • CVE-2005-1659May 18, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event.

  • CVE-2005-1658May 18, 2005
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a "..." (triple dot).