Lucene search
5284 matches found

RedhatCVE
added 2025/05/23 4:47 a.m. | 6 views

CVE-2023-31409

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to influence the availability of the webserver by invoking a Slowloris style attack via HTTP requests...

CVSS 7.5 | AI score 7.2 | EPSS 0.00776
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 4:18 a.m. | 5 views

CVE-2023-41926

The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials...

CVSS 8.8 | AI score 7.2 | EPSS 0.0013
Exploits: 0

RedhatCVE
added 2025/05/23 4:18 a.m. | 4 views

CVE-2023-41922

A 'Cross-site Scripting' (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation...

CVSS 7.2 | AI score 5.7 | EPSS 0.00149
Exploits: 0

RedhatCVE
added 2025/05/23 3:52 a.m. | 6 views

CVE-2023-3329

SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting syste...

CVSS 6.5 | AI score 6.9 | EPSS 0.00074
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:24 a.m. | 2 views

CVE-2023-25200

An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's browser...

CVSS 4.7 | AI score 6.7 | EPSS 0.00145
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:21 a.m. | 2 views

CVE-2023-38380

A vulnerability has been identified in SIMATIC CP 1242-7 V2 incl. SIPLUS variants All versions = V6.1 V6.1 HF2, SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL 6AG2542-6VX00-4XE0 All versions V2.3, SIPLUS ET 200SP CP 1543SP-1 ISEC 6AG1543-6WX00-7XE0 All versions V2.3, SIPLUS ET 200SP CP 1543SP-1 ISEC TX...

CVSS 8.7 | AI score 6.6 | EPSS 0.00114
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 12:10 a.m. | 3 views

CVE-2022-43985

In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's /confirm endpoint...

CVSS 6.1 | AI score 6.6 | EPSS 0.01013
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 11:38 p.m. | 2 views

CVE-2022-41227

A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials...

CVSS 8.8 | AI score 8.3 | EPSS 0.00079
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 11:20 p.m. | 1 views

CVE-2022-45402

In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's /login endpoint...

CVSS 6.1 | AI score 6.8 | EPSS 0.06361
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:51 p.m. | 4 views

CVE-2022-31208

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmdstring URL parameter...

CVSS 9 | AI score 7.8 | EPSS 0.00606
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:46 p.m. | 7 views

CVE-2022-29493

Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access...

CVSS 4.9 | AI score 6.7 | EPSS 0.00216
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:36 p.m. | 6 views

CVE-2021-25668

A vulnerability has been identified in SCALANCE X200-4P IRT All versions 5.5.1, SCALANCE X201-3P IRT All versions 5.5.1, SCALANCE X201-3P IRT PRO All versions 5.5.1, SCALANCE X202-2 IRT All versions 5.5.1, SCALANCE X202-2P IRT incl. SIPLUS NET variant All versions 5.5.1, SCALANCE X202-2P IRT PRO...

CVSS 9.8 | AI score 6.9 | EPSS 0.01284
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:34 p.m. | 6 views

CVE-2021-34087

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page...

CVSS 7.1 | AI score 6.8 | EPSS 0.00378
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:21 p.m. | 3 views

CVE-2021-41615

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...

CVSS 9.8 | AI score 7.2 | EPSS 0.00331
Exploits: 0

RedhatCVE
added 2025/05/22 8:53 p.m. | 3 views

CVE-2021-37388

A buffer overflow in D-Link DIR-615 C2 3.03WW. The pingipaddr parameter in pingresponse.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution...

CVSS 9.8 | AI score 7.7 | EPSS 0.03432
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:50 p.m. | 6 views

CVE-2021-34086

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests...

CVSS 8.8 | AI score 6.8 | EPSS 0.00213
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:38 p.m. | 10 views

CVE-2021-30121

Semi-authenticated local file inclusion. The contents of arbitrary files can be returned by the webserver. Example request: https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp A valid sessionId is required but can be easily obtained via CVE-2021-30118...

CVSS 10 | AI score 6.5 | EPSS 0.58628
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 6:35 p.m. | 6 views

CVE-2021-27459

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code...

CVSS 9.8 | AI score 7.5 | EPSS 0.00695
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:48 p.m. | 6 views

CVE-2020-3657

Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

CVSS 10 | AI score 7.7 | EPSS 0.13623
Exploits: 0

RedhatCVE
added 2025/05/22 4:36 p.m. | 9 views

CVE-2020-29238

An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server is running as a reverse proxy via a specially crafted request...

CVSS 7.5 | AI score 7 | EPSS 0.49599
Exploits: 3