BrsCVEs & Vulnerabilities

7 CVEs affecting Brs products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

webweaver 34
CVE-2004-2128MEDIUMpoc

Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll.

31 Dec 2004
6.8
CVSS
CVE-2003-1235MEDIUM

BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory.

31 Dec 2003
5.0
CVSS
CVE-2003-1165MEDIUMpoc

Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header.

31 Dec 2003
5.0
CVSS
CVE-2003-0409CRITICALpoc

Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP (1) POST or (2) HEAD request.

30 Jun 2003
10.0
CVSS
CVE-2002-1546HIGH

BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence.

31 Mar 2003
7.5
CVSS
CVE-2001-0453MEDIUM

Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories.

27 Jun 2001
5.0
CVSS
CVE-2001-0452MEDIUMpoc

BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.

27 Jun 2001
5.0
CVSS
← PrevPage 1 / 1Next →