Vulnerabilities > Jasper > Httpdx > 1.4.6b
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-04-20 | CVE-2009-4770 | Credentials Management vulnerability in Jasper Httpdx The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access. | 7.5 |
2010-04-20 | CVE-2009-4769 | USE of Externally-Controlled Format String vulnerability in Jasper Httpdx Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component. | 9.3 |