MidnightBSD

Advisories for perception

CVE-2002-1986 MEDIUM

Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot (".").

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
perception liteserve 2.0
perception liteserve 2.0.2
perception liteserve 2.0.1
CVE-2002-2192 MEDIUM

Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS wildcards are supported or (2) the query string in a "dir" request to indexed folders.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
perception liteserve 2.0.1
CVE-2002-2369 MEDIUM

Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
perception liteserve 2.0
CVE-2002-2406 MEDIUM

Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
perception liteserve 2.0
perception liteserve 2.0.2
perception liteserve 2.0.1
CVE-2003-1144 HIGH

Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
perception liteserve 2.2
perception liteserve 2.0
perception liteserve 2.0.2
perception liteserve 1.25
perception liteserve 1.28
perception liteserve 2.0.1
CVE-2005-1908 HIGH

Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / (slash) or leading \ (backslash) in the URL.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
perception liteweb 2.5