Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot (".").
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| perception | liteserve | 2.0 |
| perception | liteserve | 2.0.2 |
| perception | liteserve | 2.0.1 |
Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS wildcards are supported or (2) the query string in a "dir" request to indexed folders.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| perception | liteserve | 2.0.1 |
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| perception | liteserve | 2.0 |
Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| perception | liteserve | 2.0 |
| perception | liteserve | 2.0.2 |
| perception | liteserve | 2.0.1 |
Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| perception | liteserve | 2.2 |
| perception | liteserve | 2.0 |
| perception | liteserve | 2.0.2 |
| perception | liteserve | 1.25 |
| perception | liteserve | 1.28 |
| perception | liteserve | 2.0.1 |
Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / (slash) or leading \ (backslash) in the URL.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| perception | liteweb | 2.5 |