Vulnerabilities (CVE)

Filtered by vendor Brs Subscribe
Filtered by product Webweaver
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-2128 1 Brs 1 Webweaver 2023-12-10 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll.
CVE-2001-0453 1 Brs 1 Webweaver 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories.
CVE-2001-0452 1 Brs 1 Webweaver 2023-12-10 5.0 MEDIUM N/A
BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.
CVE-2003-1235 1 Brs 1 Webweaver 2023-12-10 5.0 MEDIUM N/A
BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory.
CVE-2002-1546 1 Brs 1 Webweaver 2023-12-10 7.5 HIGH N/A
BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence.
CVE-2003-1165 1 Brs 1 Webweaver 2023-12-10 5.0 MEDIUM N/A
Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header.
CVE-2003-0409 1 Brs 1 Webweaver 2023-12-10 10.0 HIGH N/A
Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP (1) POST or (2) HEAD request.