RhinosoftCVEs & Vulnerabilities

7 CVEs affecting Rhinosoft products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

ftp voyager 18dns4me 2zaep antispam 2serv-u 1
CVE-2010-4154CRITICAL

Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.

3 Nov 2010
9.3
CVSS
CVE-2009-4873CRITICALpoc

Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie.

26 May 2010
10.0
CVSS
CVE-2007-1079HIGHpoc

Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command.

23 Feb 2007
7.8
CVSS
CVE-2004-1690MEDIUM

Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL.

18 Sep 2004
4.3
CVSS
CVE-2004-1691MEDIUMpoc

The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data.

18 Sep 2004
5.0
CVSS
CVE-2004-1939MEDIUMpoc

Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.

14 Apr 2004
4.3
CVSS
CVE-2001-1103HIGH

FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands.

3 Mar 2001
7.5
CVSS
← PrevPage 1 / 1Next →