Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by accoria

    CVE-2010-2271 (GCVE-0-2010-2271)

    Vulnerability from nvd – Published: 2010-06-14 19:00 – Updated: 2024-09-16 17:08
    VLAI
    Summary
    Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ioactive.com/pdfs/AccoriaWebServer.pdf x_refsource_MISC
    http://www.kb.cert.org/vuls/id/245081 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:25:07.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
              },
              {
                "name": "VU#245081",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/245081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-14T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
            },
            {
              "name": "VU#245081",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/245081"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2271",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
                },
                {
                  "name": "VU#245081",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/245081"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2271",
        "datePublished": "2010-06-14T19:00:00.000Z",
        "dateReserved": "2010-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:08:55.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2270 (GCVE-0-2010-2270)

    Vulnerability from nvd – Published: 2010-06-14 19:00 – Updated: 2024-09-17 00:41
    VLAI
    Summary
    Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ioactive.com/pdfs/AccoriaWebServer.pdf x_refsource_MISC
    http://www.kb.cert.org/vuls/id/245081 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:25:07.613Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
              },
              {
                "name": "VU#245081",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/245081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-14T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
            },
            {
              "name": "VU#245081",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/245081"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2270",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
                },
                {
                  "name": "VU#245081",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/245081"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2270",
        "datePublished": "2010-06-14T19:00:00.000Z",
        "dateReserved": "2010-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:41:57.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2269 (GCVE-0-2010-2269)

    Vulnerability from nvd – Published: 2010-06-14 19:00 – Updated: 2024-09-16 18:49
    VLAI
    Summary
    Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ioactive.com/pdfs/AccoriaWebServer.pdf x_refsource_MISC
    http://www.kb.cert.org/vuls/id/245081 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:25:07.608Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
              },
              {
                "name": "VU#245081",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/245081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-14T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
            },
            {
              "name": "VU#245081",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/245081"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2269",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
                },
                {
                  "name": "VU#245081",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/245081"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2269",
        "datePublished": "2010-06-14T19:00:00.000Z",
        "dateReserved": "2010-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:49:48.151Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2268 (GCVE-0-2010-2268)

    Vulnerability from nvd – Published: 2010-06-14 19:00 – Updated: 2024-09-16 18:07
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ioactive.com/pdfs/AccoriaWebServer.pdf x_refsource_MISC
    http://www.kb.cert.org/vuls/id/245081 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:25:07.669Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
              },
              {
                "name": "VU#245081",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/245081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-14T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
            },
            {
              "name": "VU#245081",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/245081"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2268",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
                },
                {
                  "name": "VU#245081",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/245081"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2268",
        "datePublished": "2010-06-14T19:00:00.000Z",
        "dateReserved": "2010-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:07:48.761Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2267 (GCVE-0-2010-2267)

    Vulnerability from nvd – Published: 2010-06-14 19:00 – Updated: 2024-09-17 02:33
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ioactive.com/pdfs/AccoriaWebServer.pdf x_refsource_MISC
    http://www.kb.cert.org/vuls/id/245081 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:25:07.603Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
              },
              {
                "name": "VU#245081",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/245081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-14T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
            },
            {
              "name": "VU#245081",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/245081"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2267",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
                },
                {
                  "name": "VU#245081",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/245081"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2267",
        "datePublished": "2010-06-14T19:00:00.000Z",
        "dateReserved": "2010-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:33:04.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2269 (GCVE-0-2010-2269)

    Vulnerability from cvelistv5 – Published: 2010-06-14 19:00 – Updated: 2024-09-16 18:49
    VLAI
    Summary
    Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ioactive.com/pdfs/AccoriaWebServer.pdf x_refsource_MISC
    http://www.kb.cert.org/vuls/id/245081 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:25:07.608Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
              },
              {
                "name": "VU#245081",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/245081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-14T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
            },
            {
              "name": "VU#245081",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/245081"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2269",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
                },
                {
                  "name": "VU#245081",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/245081"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2269",
        "datePublished": "2010-06-14T19:00:00.000Z",
        "dateReserved": "2010-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:49:48.151Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2270 (GCVE-0-2010-2270)

    Vulnerability from cvelistv5 – Published: 2010-06-14 19:00 – Updated: 2024-09-17 00:41
    VLAI
    Summary
    Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ioactive.com/pdfs/AccoriaWebServer.pdf x_refsource_MISC
    http://www.kb.cert.org/vuls/id/245081 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:25:07.613Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
              },
              {
                "name": "VU#245081",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/245081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-14T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
            },
            {
              "name": "VU#245081",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/245081"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2270",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
                },
                {
                  "name": "VU#245081",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/245081"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2270",
        "datePublished": "2010-06-14T19:00:00.000Z",
        "dateReserved": "2010-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:41:57.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2268 (GCVE-0-2010-2268)

    Vulnerability from cvelistv5 – Published: 2010-06-14 19:00 – Updated: 2024-09-16 18:07
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ioactive.com/pdfs/AccoriaWebServer.pdf x_refsource_MISC
    http://www.kb.cert.org/vuls/id/245081 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:25:07.669Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
              },
              {
                "name": "VU#245081",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/245081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-14T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
            },
            {
              "name": "VU#245081",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/245081"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2268",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
                },
                {
                  "name": "VU#245081",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/245081"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2268",
        "datePublished": "2010-06-14T19:00:00.000Z",
        "dateReserved": "2010-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:07:48.761Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2267 (GCVE-0-2010-2267)

    Vulnerability from cvelistv5 – Published: 2010-06-14 19:00 – Updated: 2024-09-17 02:33
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ioactive.com/pdfs/AccoriaWebServer.pdf x_refsource_MISC
    http://www.kb.cert.org/vuls/id/245081 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:25:07.603Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
              },
              {
                "name": "VU#245081",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/245081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-14T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
            },
            {
              "name": "VU#245081",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/245081"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2267",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
                },
                {
                  "name": "VU#245081",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/245081"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2267",
        "datePublished": "2010-06-14T19:00:00.000Z",
        "dateReserved": "2010-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:33:04.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2271 (GCVE-0-2010-2271)

    Vulnerability from cvelistv5 – Published: 2010-06-14 19:00 – Updated: 2024-09-16 17:08
    VLAI
    Summary
    Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ioactive.com/pdfs/AccoriaWebServer.pdf x_refsource_MISC
    http://www.kb.cert.org/vuls/id/245081 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:25:07.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
              },
              {
                "name": "VU#245081",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/245081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-14T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
            },
            {
              "name": "VU#245081",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/245081"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2271",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
                },
                {
                  "name": "VU#245081",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/245081"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2271",
        "datePublished": "2010-06-14T19:00:00.000Z",
        "dateReserved": "2010-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:08:55.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }