Pico Server: >> Pico Server >> 3.0_beta_3 Security Vulnerabilities
Multiple buffer overflows in handlers.c for Pico Server (pServ) before 3.3 may allow attackers to execute arbitrary code.
CVSS Score
7.5
EPSS Score
0.012
Published
2005-05-17
Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.
CVSS Score
10.0
EPSS Score
0.073
Published
2005-05-16
Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in a URL.
CVSS Score
7.5
EPSS Score
0.047
Published
2005-05-16
Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root.
CVSS Score
7.5
EPSS Score
0.004
Published
2005-05-16