Vulnerabilities > Jasper

DATE CVE VULNERABILITY TITLE RISK
2010-04-20 CVE-2009-4770 Credentials Management vulnerability in Jasper Httpdx
The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access.
network
low complexity
jasper CWE-255
7.5
2010-04-20 CVE-2009-4769 USE of Externally-Controlled Format String vulnerability in Jasper Httpdx
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
network
jasper CWE-134
critical
9.3
2009-10-11 CVE-2009-3663 USE of Externally-Controlled Format String vulnerability in Jasper Httpdx 1.4
Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header.
network
low complexity
jasper CWE-134
critical
10.0