Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.

Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.

Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.

The Zeus web server administrative interface uses weak encryption for its passwords.