python-gevent: privilege escalation via a crafted script to the WSGIServer component
A flaw was found in python-gevent, in its WSGIServer component, which could allow a remote attacker to gain elevated privileges on the system. By using a specially crafted script, an attacker can gain elevated privileges...
CVE-2024-35231 rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service because the user-controlled `profiler_runs` parameter was not constrained by any limit. This would lead to...
CVE-2024-25126
Rack is a modular Ruby web server interface. Carefully crafted Content-Type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDoS, 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1...
CVE-2024-25126 Rack ReDoS in content type parsing (2nd degree polynomial)
Rack is a modular Ruby web server interface. Carefully crafted Content-Type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDoS, 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1...
PYSEC-2023-177
An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component...
GMAO LINX LINX Sphere path traversal vulnerability
GMAO LINX LINX Sphere is software from GMAO LINX designed for the overall management of industrial and construction grade maintenance departments. A security vulnerability exists in GMAO LINX LINX Sphere version 7.35.ST15, which stems from a directory traversal in the component...
The vulnerability of the WSGI server for Python Waitress allows attackers to compromise data integrity.
The vulnerability in the Waitress WSGI server for Python is caused by incorrect parsing of the Transfer-Encoding header. Exploiting this vulnerability allows a remote attacker to compromise data integrity...
CVE-2021-27422
In GE UR firmware versions prior to 8.1x, the web server interface is served on the UR over the HTTP protocol. It allows sensitive information exposure without authentication...
Realtek Jungle SDK security vulnerability
The Realtek Jungle SDK from Realtek Semiconductor provides an HTTP web server that exposes a management interface that can be used to configure access points. A security vulnerability exists in the Realtek Jungle SDK, which stems from a failure of the product's configuration...
CVE-2020-7208
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. Recent assessments: cinzinga at March 09, 2020 9:38pm UTC reported: I am the founder of this exploit. While it is in a Hewlett-Packard product, it is a very obscure piece of software and was no longer actively...
Waitress Environment Issue Vulnerability
Waitress is a WSGI (Web Server Gateway Interface) server for Python. An environmental issue vulnerability exists in Waitress 1.4.0 and earlier versions. The vulnerability stems from an unreasonable environmental factor in a networked system or product. An attacker could exploit this vulnerability t...
PT-2018-3939 · Cisco · Asa 5500-X Series Next-Generation Firewalls +6
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified); 3000 Series Industrial Security Appliances (affected versions not specified); Adaptive Security Virtual Appliance (ASAv) (affected versions not specified); ASA 5500 Series...
Rack 'normalize_params()' function denial of service vulnerability
Rack is a Ruby web server interface that unifies APIs for web servers, web frameworks, and middleware, and supports calling them using a single method. A security vulnerability in the Rack `normalize_params` function allows remote attackers to conduct denial-of-service attacks that can be exploite...
Rack: Multiple vulnerabilities
Background: Rack is a modular Ruby web server interface. Description: Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a...
IPCheck Server Monitor Traversal Arbitrary File Access
The remote host is running IPCheck Server Monitor, a network resource monitoring tool for Windows. The installed version of IPCheck Server Monitor fails to filter directory traversal sequences from requests that pass through the web server interface. An attacker can exploit this issue to read arbitra...
GFHost PHP GMail - Remote Command Execution
GFHost PHP GMail - Remote Command Execution GFHost explo Spawn bash style Shell with webserver uid Greetz SPAX, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; $U1 =...