BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brs | webweaver | 0.50_beta |
| brs | webweaver | 0.62_beta |
| brs | webweaver | 0.60_beta |
| brs | webweaver | 0.61_beta |
| brs | webweaver | 0.49_beta |
| brs | webweaver | 0.52_beta |
| brs | webweaver | 0.51_beta |
Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brs | webweaver | 0.50_beta |
| brs | webweaver | 0.62_beta |
| brs | webweaver | 0.60_beta |
| brs | webweaver | 0.61_beta |
| brs | webweaver | 0.49_beta |
| brs | webweaver | 0.52_beta |
| brs | webweaver | 0.51_beta |
BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brs | webweaver | 1.0.1 |
Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP (1) POST or (2) HEAD request.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brs | webweaver | 1.0.4 |
Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brs | webweaver | 1.0.3 |
| brs | webweaver | 1.0.4 |
| brs | webweaver | 0.61_beta |
| brs | webweaver | 0.52_beta |
| brs | webweaver | 0.51_beta |
| brs | webweaver | 0.50_beta |
| brs | webweaver | 1.0.5 |
| brs | webweaver | 0.62_beta |
| brs | webweaver | 1.0.6 |
| brs | webweaver | 0.60_beta |
| brs | webweaver | 1.0.1 |
| brs | webweaver | 1.0.2 |
| brs | webweaver | 0.63_beta |
| brs | webweaver | 0.49_beta |