MidnightBSD

Advisories for emotion

CVE-2005-0286 MEDIUM

eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
emotion mediapartner_web_server 5.0
emotion mediapartner_web_server 5.1
CVE-2005-0335 MEDIUM

Directory traversal vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
emotion mediapartner_web_server 5.0
CVE-2005-0336 MEDIUM

Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing .. sequences and HTML, which results in a directory browsing page that does not properly filter the HTML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
emotion mediapartner_web_server 5.0