Lucene search
K

59 matches found

Prion
Prion
added 2023/05/22 4:15 p.m.27 views

Design/Logic Flaw

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

7.5CVSS9.1AI score0.00932EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/22 12:0 a.m.11 views

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

9.2AI score0.00932EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/05/22 12:0 a.m.5 views

PT-2023-23261 · Snap One · Ovrc Pro

Name of the Vulnerable Software and Affected Versions: Snap One OvrC Pro versions prior to 7.2 Description: The issue concerns a locally running web server in Snap One OvrC Pro that is accessible from both the local network and remotely. Additionally, there is a hidden superuser account in OvrC...

9.8CVSS6.8AI score0.00539EPSS
Exploits0References5
CVE
CVE
added 2023/05/22 12:0 a.m.55 views

CVE-2023-33293

CVE-2023-33293 affects KaiOS 3.0 and 3.1. The /system/kaios/api-daemon binary hosts a local web server at *.localhost with per-application subdomains (e.g., myapp.localhost). A malicious user can issue requests to the api-daemon to check whether a specific app is installed and to read manifest.we...

5.3CVSS5.1AI score0.0056EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/05/22 12:0 a.m.31 views

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

9.4AI score0.00932EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/05/22 12:0 a.m.17 views

CVE-2023-33293

An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on .localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read th...

5.4AI score0.0056EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/05/22 12:0 a.m.8 views

CVE-2023-33293

An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on .localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read th...

6.8AI score0.0056EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/01/10 12:0 a.m.4 views

Ultimaker 3D printer 安全漏洞

The Ultimaker 3D printer is a range of powerful, professional 3D printers from Dutch company Ultimaker. A security vulnerability exists in several Ultimaker products that originates from a local web server that can be used for clickjacking...

7.1CVSS7.1AI score0.00814EPSS
Exploits0References4
OSV
OSV
added 2021/11/12 10:15 p.m.5 views

CVE-2021-3790

A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device...

6.5CVSS6.1AI score0.00391EPSS
Exploits0References1
Gitee
Gitee
added 2020/02/14 11:51 p.m.7 views

PowerTools

This repository is an offensive tool for PowerShell exploitation. It contains a collection of scripts that utilize a common pattern to host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server, and then...

7.2AI score
Exploits0
OSV
OSV
added 2020/01/13 5:15 p.m.4 views

CVE-2019-18894

In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently...

7.8CVSS6AI score0.01776EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2019/07/13 11:0 a.m.2 views

Zoom Video Conferencing for macOS Also Vulnerable to Critical RCE Flaw

The chaos and panic that the disclosure of privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet. As suspected, it turns out that the core issue—a locally installed web server by the software—was not just allowing an...

8.8CVSS8.2AI score0.03797EPSS
Exploits2
The Hacker News
The Hacker News
added 2019/07/09 6:31 a.m.1 views

Flaw in Zoom Video Conferencing Software Lets Websites Hijack Mac Webcams

If you use Zoom video conferencing software on your Mac computer—then beware—any website you're visiting in your web browser can turn on your device camera without your permission. Ironically, even if you had ever installed the Zoom client on your device and simply uninstalled it, a remote attack...

6.5CVSS7.5AI score0.03523EPSS
Exploits1
NVD
NVD
added 2019/06/28 10:15 p.m.19 views

CVE-2019-13028

An incorrect implementation of a local web server in eID client Windows version before 3.1.2, Linux version before 3.0.3 allows remote attackers to execute arbitrary code .cgi, .pl, or .php or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the...

8.8CVSS8.6AI score0.03658EPSS
Exploits1References3
Prion
Prion
added 2019/06/28 10:15 p.m.17 views

Design/Logic Flaw

An incorrect implementation of a local web server in eID client Windows version before 3.1.2, Linux version before 3.0.3 allows remote attackers to execute arbitrary code .cgi, .pl, or .php or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the...

6.8CVSS8.6AI score0.03658EPSS
Exploits1References3Affected Software1
The Hacker News
The Hacker News
added 2019/05/02 8:14 a.m.5 views

Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking

If you use a Dell computer, then beware — hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers...

8.8CVSS8AI score0.16145EPSS
Exploits0
CNVD
CNVD
added 2017/04/13 12:0 a.m.3 views

Philips In.Sight B120/37 Privilege Gain Vulnerability

The Philips In.Sight B120/37 is a video monitoring device for infants from Philips Netherlands. A privilege acquisition vulnerability exists in the Philips In.Sight B120/37. Sight B120/37 can be exploited to gain access to the local web server and operating system...

10CVSS6.9AI score0.01566EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2010/06/04 12:0 a.m.23 views

PHP SETI@Home Web Monitor Local File Inclusion / Remote File Inclusion

=========================================================================== PHP SETI@home web monitor phpsetimon RFI / LFI Vulnerability =========================================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' ...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 1999/12/12 12:0 a.m.4 views

PT-1999-1526 · Disney · Disney Go Express

Name of the Vulnerable Software and Affected Versions: Disney Go Express affected versions not specified Description: The issue allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system. Recommendations: At the moment, there is ...

2.6CVSS6.4AI score0.01458EPSS
Exploits0References2
Rows per page
Query Builder