5296 matches found
Command injection
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code...
CVE-2020-11920
Svakom Siime Eye, version 14.1.00000001.3.330.0.0.3.14, contains a command injection in the HOST/IP field of the NFS settings in its webserver. Injecting Bash commands via shell metacharacters can allow arbitrary root-level code execution (all device services run as root). Public connected docume...
PT-2021-9427 · Svakom · Svakom Siime Eye
Name of the Vulnerable Software and Affected Versions: Svakom Siime Eye version 14.1.00000001.3.330.0.0.3.14 Description: A command injection issue resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters,...
OpenCVE - CVE Alerting Platform
OpenCVE , formerly known as Saucs , is a platform used to locally import the list of CVEs and perform searches on it by vendors, products, CVSS, CWE.... Users subscribe to vendors or products, and OpenCVE alerts them when a new CVE is created or when an update is done in an existing CVE. How does...
Openlitespeed Web Server 1.7.8 Command Injection
Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection Authenticated Date: 26/1/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.8 Tested on Windows 10 Step 1: Log in to the...
CVE-2020-25226
A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The web server of the affected devices contains a vulnerability that may lead to a buffer overflow...
CVE-2020-15800
A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0, SCALANCE X-300 switch family incl. X408 and SIPLUS NET variants All versions V4.1.0. The webserver of t...
CVE-2020-15800
A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0, SCALANCE X-300 switch family incl. X408 and SIPLUS NET variants All versions V4.1.0. The webserver of t...
CVE-2020-25226
Siemens SCALANCE X products are affected by CVE-2020-25226: heap-based/buffer overflow in the devices’ web server. Affected: SCALANCE X-200 (incl. SIPLUS NET) below v5.2.5, SCALANCE X-200IRT below v5.5.0, and SCALANCE X-300 below v4.1.0 (X-300 also affected by CVE-2020-15800 per ICS advisory). Ex...
CVE-2020-15800
A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0, SCALANCE X-300 switch family incl. X408 and SIPLUS NET variants All versions V4.1.0. The webserver of t...
CVE-2020-15800
Siemens SCALANCE X products are affected by CVE-2020-15800. The web server on SCALANCE X-200 family (incl. SIPLUS NET), X-200IRT family, and X-300 family may experience a heap-based buffer overflow when receiving specially crafted requests, potentially causing the web server to stop temporarily. ...
CVE-2020-25226
A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The web server of the affected devices contains a vulnerability that may lead to a buffer overflow...
dirsearch 0.4.1 CSV Injection
Exploit Title: dirsearch 0.4.1 - CSV Injection Author: Dolev Farhi Date: 2021-01-05 Vendor Homepage: https://github.com/maurosoria/dirsearch Version : 0.4.1 Tested on: Debian 9.13 dirsearch, when used with the --csv-report flag, writes the results of crawled endpoints which redirect, to a csv fil...
dirsearch 0.4.1 - CSV Injection Vulnerability
Exploit Title: dirsearch 0.4.1 - CSV Injection Author: Dolev Farhi Vendor Homepage: https://github.com/maurosoria/dirsearch Version : 0.4.1 Tested on: Debian 9.13 dirsearch, when used with the --csv-report flag, writes the results of crawled endpoints which redirect, to a csv file without...
dirsearch 0.4.1 - CSV Injection
Exploit Title: dirsearch 0.4.1 - CSV Injection Author: Dolev Farhi Date: 2021-01-05 Vendor Homepage: https://github.com/maurosoria/dirsearch Version : 0.4.1 Tested on: Debian 9.13 dirsearch, when used with the --csv-report flag, writes the results of crawled endpoints which redirect, to a csv fil...
Swego - Swiss Army Knife Webserver In Golang
Swiss army knife Webserver in Golang. Keep simple like the python SimpleHTTPServer but with many features. Usage Help $ ./webserver -help web subcommand -bind string Bind Port default "8080" -certificate string HTTPS certificate : openssl req -new -x509 -sha256 -key server.key -out server.crt -da...
Apache Airflow Webserver Unauthorized Access Vulnerability
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A security vulnerability exists in Apache Airflow Webserver versions prior to 1.10....
Cross site request forgery (csrf)
async-h1 is an asynchronous HTTP/1.1 parser for Rust crates.io. There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the bo...
PYSEC-2020-22
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...
PYSEC-2020-22
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have...