Litespeedtech » Litespeed Web Server : Security Vulnerabilities, CVEs,
Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-09-06
Updated
2017-08-29
CVE-2010-2333
Public exploit
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
Max CVSS
5.0
EPSS Score
91.45%
Published
2010-06-18
Updated
2010-07-13
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
Max CVSS
5.0
EPSS Score
0.25%
Published
2004-11-23
Updated
2024-02-15
3 vulnerabilities found