5284 matches found
CVE-2024-22088
Lotos WebServer through 0.1.1 commit 3eb36cc has a use-after-free in buffer_avail at buffer.h via a long URI, because realloc is mishandled...
CVE-2024-22088
CVE-2024-22088 affects Lotos WebServer up to version 0.1.1. The issue is a use-after-free in buffer_avail() in buffer.h triggered by handling a long URI, caused by mishandling of realloc. Documentation across multiple sources (NVD/Red Hat OSV/CNNVD/CVE records) confirms the same description, with...
CVE-2023-5880 Cross-site Scripting (XSS) injected into Aladdin Connect garage door opener (Retrofit-Kit) configuration setup webserver console via broadcast SSID name
When the Genie Company Aladdin Connect garage door opener Retrofit-Kit Model ALDCM is placed into configuration mode, the web server's “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client-side JavaScript and/or HTML. This allo...
CVE-2021-46901
examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR aka 6lbr 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network...
CETIC-6LBR Security Vulnerability
CETIC-6LBR is an open source 6LoWPAN/RPL border router based on the Contiki operating system. A security vulnerability exists in CETIC-6LBR version 1.5.0, which originates from a buffer overflow vulnerability in the component examples/6lbr/apps/6lbr-webserver/httpd.c. The vulnerability is caused ...
Hitachi Energy RTU500 Series Improper Neutralization of Input During Web Page Generation (CVE-2023-5769)
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized. This plugin only works with Tenable.ot. Please visit...
Hitachi Energy RTU500 Series Improper Neutralization of Input During Web Page Generation (CVE-2023-5767)
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized. This plugin only works with Tenable.ot. Please visit...
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315 - Openfire Authentication Bypass This reposito...
CVE-2023-5769
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized...
Cross site scripting
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized...
CVE-2023-5769
Hitachi Energy RTU500 series webserver is affected by CVE-2023-5769. The issue is a cross-site scripting vulnerability caused by user input not being properly sanitized in the RTU500 series webserver component. Reported details from multiple sources describe the vulnerability as affecting RTU500 ...
CVE-2023-38380
A vulnerability has been identified in SIMATIC CP 1242-7 V2 incl. SIPLUS variants All versions = V6.1 V6.1 HF2, SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL 6AG2542-6VX00-4XE0 All versions V2.3, SIPLUS ET 200SP CP 1543SP-1 ISEC 6AG1543-6WX00-7XE0 All versions V2.3, SIPLUS ET 200SP CP 1543SP-1 ISEC TX...
Design/Logic Flaw
A vulnerability has been identified in SIMATIC CP 1242-7 V2 incl. SIPLUS variants All versions = V6.1 V6.1 HF2, SIPLUS NET CP 1543-1 6AG1543-1AX00-2XE0 All versions V3.0.37. The webserver implementation of the affected products does not correctly release allocated memory after it has been used. A...
CVE-2023-38380
CVE-2023-38380 describes a denial-of-service vulnerability in the webserver implementations of Siemens SIMATIC/SIPLUS devices (e.g., CP 1242/1243 family, CP 1542/1543 variants, SINAMICS S210, SIPLUS NET CP 1543-1, etc.). The root cause is that the webserver fails to correctly release allocated me...
CVE-2023-49563
Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver...
[SECURITY] Fedora 38 Update: python-aiohttp-3.8.6-1.fc38
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...