Brs: >> Webweaver Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll.
CVSS Score
6.8
EPSS Score
0.007
Published
2004-12-31
Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header.
CVSS Score
5.0
EPSS Score
0.082
Published
2003-12-31
BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory.
CVSS Score
5.0
EPSS Score
0.004
Published
2003-12-31
Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP (1) POST or (2) HEAD request.
CVSS Score
10.0
EPSS Score
0.083
Published
2003-06-30
BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence.
CVSS Score
7.5
EPSS Score
0.004
Published
2003-03-31
BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.
CVSS Score
5.0
EPSS Score
0.034
Published
2001-06-27
Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories.
CVSS Score
5.0
EPSS Score
0.009
Published
2001-06-27