Lucene search
K

235 matches found

Veracode
Veracode
added 2022/03/31 9:50 a.m.4 views

Directory Traversal

spring-boot is vulnerable to directory traversal. The vulnerability exists due to a lack of sanitization of access rights allowing an attacker to write to an embedded web server...

7.8CVSS6.6AI score0.00583EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.23 views

Schneider Electric Modicon Cross-site Scripting (CVE-2018-7831)

An Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a...

8.8CVSS7.5AI score0.00635EPSS
Exploits1References4
OSV
OSV
added 2022/01/20 5:15 p.m.3 views

CVE-2021-44734

Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device...

9.8CVSS7.9AI score0.06427EPSS
Exploits0References2
OSV
OSV
added 2022/01/20 5:15 p.m.8 views

CVE-2021-44735

Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07...

9.8CVSS7.3AI score0.07702EPSS
Exploits0References4
Prion
Prion
added 2022/01/20 5:15 p.m.18 views

Command injection

Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07...

10CVSS9.8AI score0.07702EPSS
Exploits0References4Affected Software118
Positive Technologies
Positive Technologies
added 2022/01/20 12:0 a.m.5 views

PT-2022-12212 · Lexmark · Lexmark Devices

Name of the Vulnerable Software and Affected Versions: Lexmark devices affected versions not specified Description: The issue is related to an embedded web server input sanitization vulnerability in Lexmark devices, which can lead to remote code execution on the device. Recommendations: At the...

10CVSS7.9AI score0.06427EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2021/11/15 12:0 a.m.8 views

The vulnerability of the embedded web-server microprogramming software for Hikvision cameras allows a intruder to execute arbitrary commands.

The vulnerability of Hikvision’s embedded web-server-based IP camera software relates to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...

10CVSS8.2AI score0.99869EPSS
Exploits23References5Affected Software68
0day.today
0day.today
added 2021/09/10 12:0 a.m.170 views

ECOA Building Automation System Cookie Poisoning / Authentication Bypass Vulnerabilities

ECOA building automation systems suffer from a cookie poisoning vulnerability that allows for authentication bypass. Many versions are affected. ECOA Building Automation System Cookie Poisoning Authentication Bypass Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected...

0.5AI score
Exploits0
CNNVD
CNNVD
added 2021/06/30 12:0 a.m.4 views

AKCP sensorProbe 跨站脚本漏洞

The AKCP sensorProbe is a platform-independent environmental and safety monitoring device from AKCP USA. Simply assign an IP address and connect to the embedded web server. A cross-site scripting vulnerability exists in versions prior to SP480-20210624 of the AKCP sensorProbe Embedded Web Server...

5.4CVSS5.4AI score0.0323EPSS
Exploits5References6
BDU FSTEC
BDU FSTEC
added 2021/05/25 12:0 a.m.14 views

The vulnerability of the webSetEMailAlert function in the embedded web server, due to insufficient validation of input data, allows a malicious user to elevate their privileges and execute system commands of the operating system.

The vulnerability of the webSetEMailAlert function in the embedded web server is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to enhance their privileges and execute system commands of the operating system...

10CVSS5.6AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/25 12:0 a.m.4 views

The vulnerability of the webSettingProfileGeneral function in the embedded web server software is related to buffer overflows in the stack due to deficiencies in input data processing. This allows attackers to execute arbitrary code or cause service interruptions by exploiting this vulnerability.

The vulnerability of the webSettingProfileGeneral function in the embedded web server software is related to buffer overflows in the stack due to deficiencies in input data processing. Exploiting this vulnerability can allow an attacker to enhance their privileges, execute arbitrary code, or caus...

9.1CVSS6.1AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/25 12:0 a.m.7 views

The vulnerability of the webSettingProfileGeneral function in the embedded web server software is related to buffer overflows in the stack due to deficiencies in input data processing. This allows attackers to execute arbitrary code or cause service interruptions by exploiting this vulnerability.

The vulnerability of the webSettingProfileGeneral function in the embedded web server software is related to buffer overflows in the stack due to deficiencies in input data processing. Exploiting this vulnerability can allow an attacker to enhance their privileges, execute arbitrary code, or caus...

9.1CVSS6.1AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/25 12:0 a.m.18 views

The vulnerability of the webSetSerialOpModel function in the embedded software of the web server stems from buffer overflows in the stack due to insufficient input data processing. This allows attackers to execute arbitrary code or cause service interruptions by exploiting this vulnerability.

The vulnerability of the webSetSerialOpModel function in the embedded software of the web server is related to buffer overflows in the stack due to deficiencies in input data processing. Exploiting this vulnerability can allow an attacker to enhance their privileges, execute arbitrary code, or...

9.1CVSS6.1AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/25 12:0 a.m.13 views

The vulnerability of the webSetFrmUpgrade function in the embedded web server, which involves copying buffers without checking the size of the input data, allows a hacker to escalate their privileges and cause a service failure.

The vulnerability of the webSetFrmUpgrade function in the embedded web server is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges and cause service interruptions using a specially crafte...

6.8CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/25 12:0 a.m.7 views

The vulnerability of the `webSetWizardVariablesl` function in the embedded web server software is related to buffer overflows in the stack due to insufficient input data processing. This allows attackers to execute arbitrary code or cause service interruptions by exploiting this vulnerability.

The vulnerability of the webSetWizardVariablesl function in the embedded web server software is related to buffer overflows in the stack due to deficiencies in input data processing. Exploiting this vulnerability can allow an attacker to enhance their privileges, execute arbitrary code, or cause...

9.1CVSS6.1AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/25 12:0 a.m.7 views

The vulnerability of the MtcSetDataItem function in the embedded web server, related to insufficient validation of input data, allows attackers to escalate their privileges and cause service failures.

The vulnerability of the MtcSetDataItem function in the embedded web server is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and cause service failures using a specially crafted package...

7.8CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/25 12:0 a.m.3 views

The vulnerability of the MtcSetDataItemt function in the embedded web server, due to insufficient validation of input data, allows attackers to escalate their privileges and execute system commands of the operating system.

The vulnerability of the MtcSetDataItemt function in the embedded web server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute system commands of the operating system...

10CVSS5.6AI score
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/04/25 12:0 a.m.4 views

npupnp 访问控制错误漏洞

npupnp is an implementation library for the UPNP protocol. A DNS rebinding vulnerability exists in the embedded web server in versions prior to npupnp 4.1.4. An attacker can exploit this vulnerability to achieve remote code execution...

8.8CVSS6.2AI score0.00956EPSS
Exploits0References4
Hewlett-Packard
Hewlett-Packard
added 2020/12/27 12:0 a.m.121 views

HPSBPI03709 rev. 1 - Certain HP and Samsung-branded Print Products - IPv6 Network Stack Vulnerability

Potential Security Impact Denial of Service Source: HP, HP Product Security Response Team PSRT VULNERABILITY SUMMARY HP has identified a potential security vulnerability with the IPv6 network stack of certain HP and Samsung branded printers that could result in a denial of service. RESOLUTION HP ...

5.3CVSS1.4AI score0.01707EPSS
Exploits0
OSV
OSV
added 2020/03/10 1:15 p.m.5 views

CVE-2018-18894

Certain older Lexmark devices C, M, X, and 6500e before 2018-12-18 contain a directory traversal vulnerability in the embedded web server...

7.5CVSS5.8AI score0.01655EPSS
Exploits0References2
Rows per page
Query Builder