144 matches found
Appweb web server DoS
NULL poiinter dereference on Range: header parsing...
Vulnerability-Riddled Drug Pumps Open to Takeover
One medical device company’s line of drug pumps is so fraught with vulnerabilities that the researcher that discovered the flaws claims the pump is the least secure IP-enabled device he’s ever come across. Certain versions of Hospira’s Lifecare PCA3 Drug Infusion pumps are susceptible to multiple...
Embedthis Software Appweb Denial of Service Vulnerability
Embedthis Software AppWeb is a fast and small web server from Embedthis Software, USA, which is used for embedded applications, appliances and web services and supports security defense policies, digestive authentication, virtual hosting and more. A security vulnerability exists in Embedthis...
CVE-2014-9708
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service NULL pointer dereference via a Range header with an empty value, as demonstrated by "Range: x=,"...
PT-2015-4358 · Embedthis +2 · Appweb +2
Name of the Vulnerable Software and Affected Versions: Embedthis Appweb versions 4.6.6 and earlier, 5.x before 5.2.1 PAN-OS versions prior to 5.0.20 PAN-OS versions prior to 5.1.13 PAN-OS versions prior to 6.0.15 PAN-OS versions prior to 6.1.15 PAN-OS versions prior to 7.0.11 PAN-OS versions prio...
CVE-2014-9708
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service NULL pointer dereference via a Range header with an empty value, as demonstrated by "Range: x=,"...
CVE-2014-9708
CVE-2014-9708 relates to Embedthis Appweb, where versions before 4.6.6 and 5.x before 5.2.1 are vulnerable to a remote denial of service caused by a NULL pointer dereference when handling a Range header with an empty value (e.g., “Range: x=,”). The vulnerability is triggered by processing a craft...
Appweb Web Server Denial Of Service
Affected software: Appweb Web Server CVE ID: CVE-2014-9708 Description: An HTTP request with a Range header of the form "Range: x=," ie. with an empty range value will cause a null pointer dereference, leading to a remotely-triggerable DoS. Fixed versions: 4.6.6, 5.2.1 Bug entry:...
Embedthis Appweb 3.1.2 - Remote DoS
No description provided by source. !/usr/bin/perl +------------------------------------------------------------------------+ | ....... | | ..''xxxxxxxxxxxxxxx'... | | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxx.. | | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'. | | .'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'''.......'. | |...
EmbedThis Appweb 3.0B.2-4 - Multiple Remote Buffer Overflow PoC
No description provided by source. !/usr/bin/python EmbedThis Appweb v3.0B.2-4 Multiple Remote Buffer Overflow PoCs Found By: DrIDE Based On: http://www.milw0rm.com/exploits/9411 Tested On: XP SP2 Notes: These don't seem to actually take down the server, they cause a fault in libappweb.dll. from...
Mbedthis AppWeb 2.2.2 URL Protocol Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24454/info Mbedthis AppWeb is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. This...
XSS on Juniper JUNOS 11.4 Embedthis Appweb 3.2.3
Vulnerability Type: XSS Cross-Site Scripting - Original release date: November 11th, 2013 - Last revised: November 11th, 2013 - Discovered by: Andrea Bodei - A2SECURE - Severity: 4.3/10 CVSSv2 Base Scored Products and affected versions: JUNOS up to 11.4 probably 12.1 and 12.3 vulnerable...
Juniper Junos EmbedThis AppWeb error Parameter XSS
The version of Junos installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'error' parameter of the 'index.php' script. An attacker may be able to leverage this issue to inject arbitrary HTML and script co...
Appweb HTTP Server Version
The remote host is running the Appweb HTTP Server, an open source web server. It was possible to read its version number from the banner. Note that 'Embedthis' used to be known as 'Mbedthis' and 'Appweb' used to be known as 'AppWeb'. C Tenable Network Security, Inc. include"compat.inc"; if...
Appweb 3.1.x / 3.2.x / 3.3.x < 3.3.3 mprUrlEncode Function Heap Overflow Vulnerability
According to its banner, the version of Appweb installed on the remote host is 3.1.x, 3.2.x or 3.3.x earlier than 3.3.3. It is, therefore, potentially affected by a heap-based buffer overflow vulnerability caused by a casting error in the function 'mprUrlEncode' in the file 'src/mpr/mprLib.c'. No...
Mbedthis AppWeb HTTP TRACE Method Cross-Site Scripting Vulnerability
The host is running Mbedthis AppWeb Server and is prone to cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbmbedthiswebapphttptracemethodxssvuln.nasl 7052 2017-09-04 11:50:51Z teissa $ Mbedthis AppWeb HTTP TRACE Method Cross-Site Scripting Vulnerability Authors: Rachana Shett...
Mbedthis AppWeb HTTP TRACE Method Cross-Site Scripting Vulnerability
Mbedthis AppWeb Server is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Appweb Web Server Cross Site Scripting Vulnerability
Appweb is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal...
Appweb Web Server <= 3.2.2-1 XSS Vulnerability - Active Check
Appweb is prone to a cross-site scripting XSS vulnerability because it fails to properly sanitize user-supplied input. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Embedthis Appweb Web Server 3.2.2-1 Cross Site Scripting
Embedthis Appweb Web Server 3.2.2-1 Ejscript Remote XSS Vulnerability Vendor: Embedthis Software LLC Product web page: http://www.appwebserver.org, http://www.ejscript.org Version affected: 3.2.2-1 Summary: Appweb has a multi-threaded, event-driven, core to deliver exceptional throughput, respons...