Lucene search

5295 matches found

CNVD
added 2018/11/16 12:0 a.m. | 1 views

Redirection Vulnerability Open in Multiple Siemens Products

Siemens SIMATIC HMI Comfort Panels and so on are used to control and monitor the HMI software of machines and equipment of Siemens Company of Germany. An open redirect vulnerability exists in the webserver of several Siemens products, which can be exploited by an attacker to redirect user...

8.1 CVSS | 8 AI score | 0.01681 EPSS
Exploits: 0 | References: 1
Packet Storm
added 2018/10/27 12:0 a.m. | 327 views

Shell In A Box 2.2.0 Denial Of Service

Product: Shell In A Box aka shellinabox, shellinaboxd "Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugin...

7.6 AI score | 0.05986 EPSS
Exploits: 3
CNVD
added 2018/10/11 12:0 a.m. | 3 views

Intel Rapid Web Server webserver component information disclosure vulnerability

Intel Rapid Web Server is a rapid storage server from Intel Corporation. webserver is one of the web server components. A security vulnerability exists in the webserver component of Intel Rapid Web Server version 3. An attacker can exploit this vulnerability by accessing the network to obtain...

6.5 CVSS | 6.5 AI score | 0.01069 EPSS
Exploits: 0 | References: 1
exploitpack
added 2018/10/11 12:0 a.m. | 22 views

WAGO 750-881 01.09.18 - Cross-Site Scripting

WAGO 750-881 01.09.18 - Cross-Site Scripting Exploit Title: WAGO 750-881 01.09.18 - Cross-Site Scripting Date: 2018-08-30 Exploit Author: SecuNinja @secuninja Vendor Homepage: wago.com Version: 01.09.1813 and earlier Affected Products: Ethernet Controller 750-881 - 01.09.1813, 01.08.01 10 CVE : N...

Exploits: 0
OSV
added 2018/10/10 6:29 p.m. | 2 views

CVE-2018-12161

Insufficient session validation in the webserver component of the Intel Rapid Web Server 3 may allow an unauthenticated user to potentially disclose information via network access...

6.5 CVSS | 5.7 AI score | 0.01069 EPSS
Exploits: 0 | References: 1
CVE
added 2018/10/10 6:0 p.m. | 67 views

CVE-2018-12161

CVE-2018-12161 affects Intel Rapid Web Server 3 webserver component. The issue is insufficient session validation that may allow an unauthenticated user to disclose information over the network. Affected product: Intel Rapid Web Server 3 webserver component. Impact: information disclosure with ne...

6.5 CVSS | 6.3 AI score | 0.01069 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2018/10/08 3:29 p.m. | 18 views

Unrestricted file upload

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN. Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable co...

6.5 CVSS | 8.8 AI score | 0.00883 EPSS
Exploits: 0 | References: 2
Joomla! Vulnerable Extensions List
added 2018/09/24 12:0 a.m. | 54 views

[20190202] - Core - Browserside mime-type sniffing causes XSS attack vectors

A combination of specific webserver configurations, in connection with specific file types and browserside mime-type sniffing causes a XSS attack vector...

6.1 CVSS | 6.2 AI score | 0.00793 EPSS
Exploits: 0 | Affected Software: 1
FireEye
added 2018/09/19 10:0 a.m. | 984 views

Click It Up: Targeting Local Government Payment Portals

FireEye has been tracking a campaign this year targeting web payment portals that involves on-premise installations of Click2Gov. Click2Gov is a web-based, interactive self-service bill-pay software solution developed by Superion. It includes various modules that allow users to pay bills associat...

7.5 CVSS | 0.99993 EPSS
Exploits: 56
OSV
added 2018/09/18 6:29 p.m. | 3 views

CVE-2018-17178

An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands sent to /bin/webserver on port 8081 if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though th...

5.3 CVSS | 5.9 AI score | 0.00675 EPSS
Exploits: 1 | References: 1
NVD
added 2018/09/18 6:29 p.m. | 16 views

CVE-2018-17176

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication always transmitted in cleartext can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all...

7.5 CVSS | 7.6 AI score | 0.01 EPSS
Exploits: 1 | References: 1
Cvelist
added 2018/09/18 6:0 p.m. | 21 views

CVE-2018-17176

A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication always transmitted in cleartext can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all...

7.6 AI score | 0.01 EPSS
Exploits: 1 | References: 1
Hacker One
added 2018/09/01 3:35 a.m. | 33 views

Node.js third-party modules: List any file in the folder by using path traversal

I would like to report Path Traversal in simplehttpserver. It allows to list any file in another folder of web root. Module module name: simplehttpserver version: v0.2.1 npm page: https://www.npmjs.com/package/simplehttpserver Module Description 'simplehttpserver' is a simple imitation of python'...

5 CVSS | 0.8 AI score | 0.01295 EPSS
Exploits: 0
Exploit DB
added 2018/08/29 12:0 a.m. | 27 views

Episerver 7 patch 4 - XML External Entity Injection

Exploit Title: Episerver 7 patch 4 - XML External Entity Injection Google Dork: N/A Date: 2018-08-28 Exploit Author: Jonas Lejon Vendor Homepage: https://www.episerver.se/ Version: Episerver 7 patch 4 and below CVE : N/A episploit.py - Blind XXE file read exploit for Episerver 7 patch 4 and below...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2018/08/20 12:0 a.m. | 47 views

Debian DSA-4278-1 : jetty9 - security update

Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in HTTP request smuggling. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4278. The text itself is...

9.8 CVSS | 7 AI score | 0.20985 EPSS
Exploits: 0 | References: 6
RedhatCVE
added 2018/08/14 10:18 p.m. | 26 views

CVE-2018-10917

A path traversal flaw was found in the ISO repository plugin for pulp. An attacker, with access to a repository feeding pulp can carefully craft his repository to overwrite arbitrary files owned by the Apache webserver...

6.8 CVSS | 4.3 AI score | 0.01067 EPSS
Exploits: 0 | References: 2
Exploit DB
added 2018/08/01 12:0 a.m. | 33 views

WebRTC - H264 NAL Packet Processing Type Confusion

Type confusion can occur when processing a H264 packet. In the method PacketBuffer::FindFrames in modules/videocoding/packetbuffer.cc there is a loop on line 296 that goes through the databuffer vector backwards. The flag ish264 is set before this loop, and if it is true, the loop extracts and se...

7.4 AI score
Exploits: 0
CNVD
added 2018/07/04 12:0 a.m. | 1 views

Unspecified Vulnerability in Webgrind

Webgrind is a PHP execution time analysis tool. A security vulnerability exists in Webgrind version 1.5, which is caused by the program relying on user input to display files. The vulnerability can be exploited to view files on the local file system that are accessible to the Webserver us...

7.8 CVSS | 6.8 AI score | 0.18568 EPSS
Exploits: 0 | References: 1
n0where
added 2018/07/02 5:6 p.m. | 129 views

Firewall and Privatizing Proxy: macOS Fortress

macOS-Fortress is a Firewall, Blackhole, and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers. It is Kernel-level, OS-level, and client-level security for macOS. Built to address a steady stream of attacks visible on snort and server logs, as well as blocks ads, malicious...

6.9 AI score
Exploits: 0 | References: 7
Cvelist
added 2018/06/27 4:0 p.m. | 19 views

CVE-2018-12909

Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem that the webserver user has access to via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment...

7.4 AI score | 0.18568 EPSS
Exploits: 0 | References: 1