CyberSec.Space Logo
Back to CVE Browser

CVE-2005-1365

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1220%
EPSS Percentile5.25th
PublishedMay 16, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.

Affected Platforms (CPE)

πŸ“¦
Pico Server

Pico Server

= 3.0
πŸ“¦
Pico Server

Pico Server

= 3.0_beta_3
πŸ“¦
Pico Server

Pico Server

= 3.1
πŸ“¦
Pico Server

Pico Server

= 3.2

References & Advisories

πŸ”— http://marc.info/?l=full-disclosure&m=111625635716712&w=2
πŸ”— http://sourceforge.net/project/shownotes.php?release_id=327708
πŸ”— http://www.redteam-pentesting.de/advisories/rt-sa-2005-010.txt
πŸ”— http://www.securityfocus.com/bid/13642
πŸ”— http://marc.info/?l=full-disclosure&m=111625635716712&w=2
πŸ”— http://sourceforge.net/project/shownotes.php?release_id=327708
πŸ”— http://www.redteam-pentesting.de/advisories/rt-sa-2005-010.txt
πŸ”— http://www.securityfocus.com/bid/13642

Related Vulnerabilities

CVE-2002-22957.5

Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote attackers to cause a denial of service (crash) and ...

CVE-2005-13667.5

Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in ...

CVE-2005-13677.5

Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside o...

CVE-2005-16267.5

Multiple buffer overflows in handlers.c for Pico Server (pServ) before 3.3 may allow attackers to execute arbitrary code.