Vulnerabilities > BRS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2128 | Cross-Site Scripting vulnerability in BRS WebWeaver Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll. network brs | 6.8 |
| 2003-12-31 | CVE-2003-1235 | Information Disclosure vulnerability in BRS WebWeaver BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory. | 5.0 |
| 2003-12-31 | CVE-2003-1165 | Remote Denial of Service vulnerability in BRS WebWeaver httpd `User-Agent` Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header. | 5.0 |
| 2003-06-30 | CVE-2003-0409 | Denial Of Service vulnerability in BRS Webweaver 1.0.4 Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP (1) POST or (2) HEAD request. | 10.0 |
| 2003-03-31 | CVE-2002-1546 | Unspecified vulnerability in BRS Webweaver 1.0.1 BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence. | 7.5 |
| 2001-06-27 | CVE-2001-0453 | Directory Traversal vulnerability in BRS WebWeaver Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2001-06-27 | CVE-2001-0452 | Path Disclosure vulnerability in BRS WebWeaver FTP Root BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command. | 5.0 |