Yaws 1.91 - Local File Inclusion

Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080. id: CVE-2017-10974 info: name: Yaws 1.91 - Local File Inclusion author: 0xAkoko severity: high description: Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080. impact: |...

EUVD-2020-5153

Malware in sbrugna...

EUVD-2020-17111

Malware in sbrugna...

EUVD-2011-4930

Malware in sbrugna...

EUVD-2010-4156

Malware in sbrugna...

EUVD-2009-4461

Malware in sbrugna...

EUVD-2005-2010

Malware in sbrugna...

EUVD-2016-1053

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-24379

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. CVE-2020-24379 Note that Nessus relies on the presence of the...

Linux Distros Unpatched Vulnerability : CVE-2020-24916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. CVE-2020-24916 Note that Nessus relies on the presence of th...

Linux Distros Unpatched Vulnerability : CVE-2020-12872

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yawsconfig.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP...

Linux Distros Unpatched Vulnerability : CVE-2016-1000108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of...

Linux Distros Unpatched Vulnerability : CVE-2009-4495

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly...

Yaws Web Server Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Yaws Web Server Directory Traversal", 'Description' = %q This module exploits a directory traversal bug in Yaws v1.9.1 or less. The module can on...

VulnCheck KEV: CVE-2017-10974

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on...

SUSE CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

Debian DSA-4773-1 : yaws - security update

Two vulnerabilities were discovered in yaws, a high performance HTTP 1.1 webserver written in Erlang. - CVE-2020-24379 The WebDAV implementation is prone to a XML External Entity XXE injection vulnerability. - CVE-2020-24916 The CGI implementation does not properly sanitize CGI requests allowing ...

Debian: Security Advisory (DSA-4773-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 4773-1] yaws security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4773-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 16, 2020 https://www.debian.org/security/faq -...