Roxen
Products (3)
- 14 CVEs
- 3 CVEs
- 1 CVE
Recent CVEs (15)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3899 | | Med | 0.35 | 5.4 | 0.00 | | Jun 10, 2025 | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s… |
| CVE-2021-31630 | | | 0.07 | — | 0.27 | | Aug 3, 2021 | Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application. |
| CVE-2023-53941 | | | 0.06 | — | 0.06 | | Dec 18, 2025 | EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can send POST requests to… |
| CVE-2000-0671 | | | 0.04 | — | 0.08 | | Jul 21, 2000 | Roxen web server earlier than 2.0.69 allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL. |
| CVE-1999-0235 | | | 0.04 | — | 0.07 | | Feb 17, 1995 | Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. |
| CVE-2003-1318 | | | 0.03 | — | 0.03 | | Dec 31, 2003 | Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376. |
| CVE-2002-2165 | | | 0.03 | — | 0.01 | | Dec 31, 2002 | The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox. |
| CVE-2023-53944 | | | 0.00 | — | 0.01 | | Dec 18, 2025 | EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like… |
| CVE-2025-3847 | | | 0.00 | — | 0.00 | | Apr 21, 2025 | A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This affects an unknown part of the file code/http/httprequest.cpp of the component Login. The manipulation of the argument username/password leads to sql injection. It is possible to… |
| CVE-2025-3846 | | | 0.00 | — | 0.00 | | Apr 21, 2025 | A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file code/http/httprequest.cpp of the component Registration. The manipulation of the argument username/password leads to sql… |
| CVE-2025-3845 | | | 0.00 | — | 0.01 | | Apr 21, 2025 | A vulnerability was found in markparticle WebServer up to 1.0. It has been declared as critical. Affected by this vulnerability is the function Buffer::HasWritten of the file code/buffer/buffer.cpp. The manipulation of the argument writePos_ leads to buffer overflow. The attack… |
| CVE-2023-3767 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter. |
| CVE-2001-1118 | | | 0.00 | — | 0.03 | | Aug 2, 2001 | A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL. |
| CVE-1999-1522 | | | 0.00 | — | 0.01 | | Oct 7, 1999 | Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier, possibly related to recursive parsing and referer tags in RXML. |
| CVE-1999-1125 | | | 0.00 | — | 0.04 | | Sep 19, 1997 | Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. |