Software602: >> 602pro Lan Suite >> 2002 Security Vulnerabilities
LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory.
CVSS Score
5.0
EPSS Score
0.004
Published
2004-11-23
Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be REJECTed in the future.
CVSS Score
6.8
EPSS Score
0.004
Published
2004-11-23
602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension.
CVSS Score
5.0
EPSS Score
0.003
Published
2002-12-31
The Czech edition of Software602's Web Server before 2002.0.02.0916 allows remote attackers to gain administrator privileges via direct HTTP requests to the /admin/ directory, which is not password protected.
CVSS Score
10.0
EPSS Score
0.011
Published
2002-12-31
The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number of outstanding connections to the local host, which allows remote attackers to create a denial of service (memory consumption) via a large number of connections.
CVSS Score
5.0
EPSS Score
0.04
Published
2002-12-31