CVE-2004-2119
Published 2004-12-31
CVE-2004-2119: Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the URL.
Priority: P4 (18) | Severity: medium | CVSS 2.0: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.93% (77.5th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tinyserver | tinyserver | — | — |
No detection rules found.
Exploit-DB
WFTPD Server GUI 3.21 - Remote Denial of Service
exploitdb·2004-03-17
CVE-2004-2367 WFTPD Server GUI 3.21 - Remote Denial of Service
---
source: https://www.securityfocus.com/bid/9908/info
WFTPD server front end GUI has been reported to be prone to a denial of service. The issue is reported to present itself if a user who is logged into the affected service issues an FTP request with a large parameter. This will cause the server GUI to behave in an unstable manner, potentially preventing the GUI from opening.
```perl
#!/usr/bin/perl
# Multiple Vulnerabilities in WFTPD FTP Server version 3.21.1
# Created by Beyond Security Ltd. - All rights reserved.
use IO::Socket;
$host = "192.168.1.243";
$remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host, PeerPort => "2119");
unless ($remote) { die "cannot connect to ftp daemon on $host" }
print "connected\n";
while ()
```
Exploit-DB
ArGoSoft FTP Server 1.0/1.2/1.4 - Multiple Vulnerabilities
exploitdb·2004-02-27
CVE-2004-2675 ArGoSoft FTP Server 1.0/1.2/1.4 - Multiple Vulnerabilities
---
source: https://www.securityfocus.com/bid/9770/info
ArGoSoft has released version 1.4.1.6 of their FTP Server to address multiple unspecified security vulnerabilities. These issues include three buffer overruns when handling overly long FTP SITE ZIP and SITE COPY commands, a file enumeration issue involving the SITE UNZIP command and user database corruption denial of service attacks via the SITE PASS command.
```perl
#!/usr/bin/perl
# Multiple Vulnerabilities in ArGoSoft FTP Server version 1.4 (1.4.1.4)
# Created by Beyond Security Ltd. - All rights reserved.
use IO::Socket;
$host = "192.168.1.243";
$remote = IO::Socket::INET->new ( Proto => "tcp",
PeerAddr => $host,
PeerPort => "2119",,
);
unless ($remote) { die "cannot conne
```
Exploit-DB
TinyServer 1.1 - Cross-Site Scripting
exploitdb·2004-01-24
CVE-2004-2119 TinyServer 1.1 - Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/9485/info
TinyServer is prone to multiple vulnerabilities.
A directory traversal issue is present in TinyServer that could allow a remote user to view or download any file to which the server has access.
A denial of service issue exists due to the failure of the server to check input strings received. Attackers can crash the server by simply sending malformed HTTP GET requests. Sending an HTTP GET request with excessively long data can also cause the server to fail. It is not known if this issue may also result in code execution.
A cross-site scripting issue is also present in the server. This could allow for theft of cookie-based authentication credentials or other attacks.
http://[host]/alert("Test
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=107496530806730&w=2
http://secunia.com/advisories/10707
http://www.autistici.org/fdonato/advisory/tinyServer1.1%5B1.0.5%5D-adv.txt
http://www.osvdb.org/3710
http://www.securityfocus.com/bid/9485
https://exchange.xforce.ibmcloud.com/vulnerabilities/14929
Published: 2004-12-31