CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Etype » Eserv : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-4588 119 1 DoS Exec Code Overflow 2008-10-15 2009-01-29
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, possibly 3.26, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to the ABOR command.
2 CVE-2006-2309 +Info 2006-06-01 2008-09-05
4.0
None Remote Low Single system Partial None None
The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files.
3 CVE-2006-2308 Dir. Trav. 2006-06-01 2008-09-05
5.5
None Remote Low Single system Partial Partial None
Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.
4 CVE-2003-1266 DoS 2003-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data.
5 CVE-2003-0290 DoS 2003-06-16 2008-09-05
5.0
None Remote Low Not required None None Partial
Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated.
6 CVE-2002-0222 2002-05-16 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Etype Eserv 2.97 allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.
7 CVE-2002-0221 DoS 2002-05-16 2008-09-10
5.0
None Remote Low Not required None None Partial
Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV.
8 CVE-2002-0112 2002-03-25 2008-09-10
5.0
None Remote Low Not required Partial None None
Etype Eserv 2.97 allows remote attackers to view password protected files via /./ in the URL.
9 CVE-2000-0907 DoS Exec Code 2000-12-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
EServ 2.92 Build 2982 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long HELO and MAIL FROM commands.
10 CVE-2000-0523 Exec Code Overflow 2000-06-06 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command.
11 CVE-1999-1509 Dir. Trav. 1999-11-04 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Etype Eserv 2.50 web server allows a remote attacker to read any file in the file system via a .. (dot dot) in a URL.
Total number of vulnerabilities : 11   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.