The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access.
Max CVSS
7.5
EPSS Score
0.49%
Published
2010-04-20
Updated
2010-06-07

CVE-2009-4769

Public exploit
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
Max CVSS
9.3
EPSS Score
79.69%
Published
2010-04-20
Updated
2010-06-07
httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI.
Max CVSS
5.0
EPSS Score
4.01%
Published
2009-12-31
Updated
2017-08-17

CVE-2009-3711

Public exploit
Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
Max CVSS
10.0
EPSS Score
75.84%
Published
2009-10-16
Updated
2018-10-10
Format string vulnerability in the h_readrequest function in http.c in httpdx Web Server 1.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the Host header.
Max CVSS
10.0
EPSS Score
19.39%
Published
2009-10-11
Updated
2017-09-19
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!