CVE-2020-11920

An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code...

CVE-2020-10459

Path Traversal in admin/assetmanager/assetmanager.php vulnerable function saved in admin/assetmanager/functions.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence ../ via the POST parameter inpCurrFolder...

CVE-2020-28946

An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker with network access to the device to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single...

CVE-2020-13914

webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service Segmentation fault to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300,...

CVE-2019-19460

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to...

CVE-2019-8232

In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file...

CVE-2019-14243

headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service webserver panic and daemon crash via a crafted HAProxy PROXY v2 request with truncated source/destinatio...

CVE-2019-13585

The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request...

CVE-2019-17270

Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command=COMMAND" page and parameter, where COMMAND will be executed and returning the results to the client. Affects Yachtcontrol webservers disclos...

CVE-2019-13584

The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request...

CVE-2019-10925

A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Val...

CVE-2017-1000238

InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver...

CVE-2012-5344

Directory traversal vulnerability in the WebServer Thttpd.bat in IpTools aka Tiny TCP/IP server 0.1.4 allows remote attackers to read arbitrary files via a .. dot dot in a HTTP request...

CVE-2017-1000471

EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service...

CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

CVE-2002-2430

GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service CPU consumption by performing a socket disconnect to terminate a request before it has been fully processed by the server...

CVE-2002-1828

Savant Webserver 3.1 allows remote attackers to cause a denial of service crash via an HTTP GET request with a negative Content-Length value...

CVE-2002-1941

Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote attackers to cause a denial of service crash via a long HTTP GET request with the Host header set...

CVE-2009-5111

GoAhead WebServer allows remote attackers to cause a denial of service daemon outage via partial HTTP requests, as demonstrated by Slowloris...

CVE-2002-2431

Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c...