VYPR
Vendor

Pico Server

Products
2
CVEs
9
Across products
9
Status
Private

Products

2

Recent CVEs

9
  • CVE-2021-32827MedAug 16, 2021
    risk 0.40cvss 6.1epss 0.02

    MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. An attacker that can trick a victim into visiting a malicious site while running MockServer locally, will be able to run arbitrary code on the MockServer machine.…

  • CVE-2005-1365May 16, 2005
    risk 0.04cvss epss 0.12

    Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.

  • CVE-2005-1366May 16, 2005
    risk 0.04cvss epss 0.07

    Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in a URL.

  • CVE-2002-2295Dec 31, 2002
    risk 0.04cvss epss 0.07

    Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a 1024-byte TCP stream message, which triggers an off-by-one buffer overflow, or (2) a long method name in an…

  • CVE-2001-0202May 3, 2001
    risk 0.03cvss epss 0.03

    Picserver web server allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTP GET request.

  • CVE-2024-22087CriJan 5, 2024
    risk 0.00cvss 9.8epss 0.02

    route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.

  • CVE-2005-1952Jun 16, 2005
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each .. (dot dot) sequence in the URL, which results in an incorrect directory depth count.

  • CVE-2005-1953Jun 11, 2005
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in the CGI extension for Pico Server (pServ) 3.3 allows remote attackers to execute arbitrary code via a long HTTP request.

  • CVE-2005-1367May 16, 2005
    risk 0.00cvss epss 0.01

    Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root.