Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pi3 | pi3web | 1.0.1 |
tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pi3 | pi3web | 1.0.1 |
CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pi3 | pi3web | 2.0 |
Pi3Web 2.0.0 allows remote attackers to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pi3 | pi3web | 2.0.0 |
Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pi3 | pi3web | 2.0.1 |
Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pi3 | pi3web | 2.0.2_beta_1 |