144 matches found
CVE-2020-2041
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS...
CVE-2020-2041
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS...
Cross site request forgery (csrf)
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS...
CVE-2020-2041
CVE-2020-2041 describes a denial-of-service condition in Palo Alto Networks PAN-OS caused by an insecure configuration of the appweb daemon . The vulnerability allows a remote, unauthenticated actor to send a crafted request that crashes the appweb service, leading to a restart of PAN-OS services...
PAN-OS: Management web interface denial-of-service (DoS)
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS...
Appweb Null Pointer Dereference Vulnerability
Appweb is a web server for embedded applications. Appweb suffers from a null pointer dereference vulnerability. The vulnerability stems from the fact that Appweb, which supports CGI, does not properly handle HTTP requests with a Range header that lacks an exact range. An attacker could exploit th...
CVE-2020-15689
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service...
CVE-2020-15689
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service...
Null pointer dereference
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service...
CVE-2020-15689
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service...
CVE-2020-15689
CVE-2020-15689 affects Appweb prior to 7.2.2 and 8.x prior to 8.1.0 when built with CGI support. A crafted HTTP Range header lacking an exact range can cause a NULL pointer dereference, leading to a denial of service. Impact is described as a crash/DoS without additional exploitation details in t...
The vulnerability of Web servers Embedthis GoAhead and Embedthis Appweb, related to POST HTTP request processing errors, allows attackers to trigger a service failure.
The vulnerability of Embedthis GoAhead and Embedthis Appweb web servers is related to HTTP request processing errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of Web servers Embedthis GoAhead and Embedthis Appweb, related to HTTP request processing errors, allows attackers to trigger service interruptions.
The vulnerability of Embedthis GoAhead and Embedthis Appweb web servers is related to HTTP request processing errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Dynacolor FCM-MB40 Trust Management Issues Vulnerability
Dynacolor FCM-MB40 is an IP camera from Dynacolor, Taiwan, China. A security vulnerability exists in the Dynacolor FCM-MB40 v1.2.0.0, which originates from the program storing web-based administrative credentials in plaintext in /etc/appWeb/appweb.pass. An attacker could exploit the vulnerability...
CVE-2019-13400
CVE-2019-13400 affects Dynacolor FCM-MB40 v1.2.0.0. The issue arises from storing administrative web-interface credentials in cleartext at /etc/appWeb/appweb.pass, which can be retrieved by accessing cgi-bin/getuserinfo.cgi?mode=info. The vulnerability is evidenced in multiple sources (NVD entry ...
Can your Printer Hack your Secrets: Appweb Authorization Bypass
How IoT can pave the way for data breaches: Understanding the Appweb Authorization Bypass An engineering POV into everyday vulnerability. The everyday things you rely on may leave you vulnerable to attack. And it may not be the things themselves, but what is hiding inside. Are your IoT devices,...
Appweb < 7.0.3 authCondition Authentication Bypass Vulnerability
According to its banner, the version of Appweb installed on the remote host is prior to 7.0.3. It is, therefore, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types. Note...
CVE-2018-15505
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing '' character in an IPv6 address...
CVE-2018-15504
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11...
CVE-2018-15504
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11...