CVE-2017-1000028

Removed by vendor...

Directory Traversal

web-debug is vulnerable to path traversal attacks. An attacker can access any files in the host machine by sending a HTTP GET request with /../ in it to obtain sensitive files such as /../../etc/passwd...

Information disclosure

IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667...

EFS Easy Chat Server 3.1 - Password Disclosure

EFS Easy Chat Server 3.1 - Password Disclosure Exploit Title: Easy Chat Server Remote Password Disclosure Date: 09/10/2017 Software Link: http://echatserver.com/ecssetup.exe Exploit Author: Aitezaz Mohsin Vulnerable Version: v2.0 to v3.1 Vulnerability Type: Pre-Auth Remote Password Disclosure...

Directory traversal

In Opsview Monitor Pro Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding...

CVE-2016-10367

In Opsview Monitor Pro Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding...

CVE-2016-10367

In Opsview Monitor Pro Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding...

Null pointer dereference

An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially...

CVE-2016-8723

An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially...

Moxa MXview < 2.9 Multiple Vulnerabilities (HTTP) - Active Check

Moxa MXview is prone to multiple vulnerabilities. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

WordPress 'json' User Enumeration Vulnerability

WordPress is prone to a user enumeration vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Sql injection

An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as selectloadfile. The vulnerability...

CVE-2017-5879

An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as selectloadfile. The vulnerability...

CVE-2017-5879

An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as selectloadfile. The vulnerability...

Apache Tika Detection (HTTP)

HTTP based detection of Apache Tika. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.810251";...

Buffer overflow

Buffer overflow in sendredirect in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters...

CVE-2016-9564

Buffer overflow in sendredirect in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters...

CVE-2016-9564

Boa Webserver 0.92r contains a buffer overflow in the send_redirect() function that can be triggered by a crafted HTTP GET request with a long URI composed only of '/' and '.' characters, leading to a denial-of-service condition. Multiple sources (NVD, CNVD, CVE records, and vendor write-ups) cor...

NBOX Detection (HTTP)

Detects the installed version of NBOX. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVE-2016-6639

Cloud Foundry PHP Buildpack aka php-buildpack before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers t...