Lucene search
K

144 matches found

securityvulns
securityvulns
added 2015/05/12 12:0 a.m.39 views

Appweb web server DoS

NULL poiinter dereference on Range: header parsing...

5CVSS2.2AI score0.5643EPSS
Exploits2References1Affected Software1
ThreatPost
ThreatPost
added 2015/05/05 2:34 p.m.26 views

Vulnerability-Riddled Drug Pumps Open to Takeover

One medical device company’s line of drug pumps is so fraught with vulnerabilities that the researcher that discovered the flaws claims the pump is the least secure IP-enabled device he’s ever come across. Certain versions of Hospira’s Lifecare PCA3 Drug Infusion pumps are susceptible to multiple...

10CVSS0.3AI score0.05162EPSS
Exploits0References6
CNVD
CNVD
added 2015/04/01 12:0 a.m.3 views

Embedthis Software Appweb Denial of Service Vulnerability

Embedthis Software AppWeb is a fast and small web server from Embedthis Software, USA, which is used for embedded applications, appliances and web services and supports security defense policies, digestive authentication, virtual hosting and more. A security vulnerability exists in Embedthis...

5CVSS6.8AI score0.5643EPSS
Exploits2References1
NVD
NVD
added 2015/03/31 2:59 p.m.22 views

CVE-2014-9708

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service NULL pointer dereference via a Range header with an empty value, as demonstrated by "Range: x=,"...

5CVSS6.5AI score0.5643EPSS
Exploits2References14
Positive Technologies
Positive Technologies
added 2015/03/31 12:0 a.m.5 views

PT-2015-4358 · Embedthis +2 · Appweb +2

Name of the Vulnerable Software and Affected Versions: Embedthis Appweb versions 4.6.6 and earlier, 5.x before 5.2.1 PAN-OS versions prior to 5.0.20 PAN-OS versions prior to 5.1.13 PAN-OS versions prior to 6.0.15 PAN-OS versions prior to 6.1.15 PAN-OS versions prior to 7.0.11 PAN-OS versions prio...

5CVSS9AI score0.5643EPSS
Exploits2References17
Cvelist
Cvelist
added 2015/03/31 12:0 a.m.30 views

CVE-2014-9708

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service NULL pointer dereference via a Range header with an empty value, as demonstrated by "Range: x=,"...

6.4AI score0.5643EPSS
Exploits2References14
CVE
CVE
added 2015/03/31 12:0 a.m.68 views

CVE-2014-9708

CVE-2014-9708 relates to Embedthis Appweb, where versions before 4.6.6 and 5.x before 5.2.1 are vulnerable to a remote denial of service caused by a NULL pointer dereference when handling a Range header with an empty value (e.g., “Range: x=,”). The vulnerability is triggered by processing a craft...

5CVSS8.9AI score0.5643EPSS
Exploits2References14Affected Software1
Packet Storm
Packet Storm
added 2015/03/28 12:0 a.m.55 views

Appweb Web Server Denial Of Service

Affected software: Appweb Web Server CVE ID: CVE-2014-9708 Description: An HTTP request with a Range header of the form "Range: x=," ie. with an empty range value will cause a null pointer dereference, leading to a remotely-triggerable DoS. Fixed versions: 4.6.6, 5.2.1 Bug entry:...

5CVSS9.5AI score0.5643EPSS
Exploits2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

Embedthis Appweb 3.1.2 - Remote DoS

No description provided by source. !/usr/bin/perl +------------------------------------------------------------------------+ | ....... | | ..''xxxxxxxxxxxxxxx'... | | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxx.. | | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'. | | .'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'''.......'. | |...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

EmbedThis Appweb 3.0B.2-4 - Multiple Remote Buffer Overflow PoC

No description provided by source. !/usr/bin/python EmbedThis Appweb v3.0B.2-4 Multiple Remote Buffer Overflow PoCs Found By: DrIDE Based On: http://www.milw0rm.com/exploits/9411 Tested On: XP SP2 Notes: These don't seem to actually take down the server, they cause a fault in libappweb.dll. from...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Mbedthis AppWeb 2.2.2 URL Protocol Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24454/info Mbedthis AppWeb is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. This...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2013/11/18 12:0 a.m.1390 views

XSS on Juniper JUNOS 11.4 Embedthis Appweb 3.2.3

Vulnerability Type: XSS Cross-Site Scripting - Original release date: November 11th, 2013 - Last revised: November 11th, 2013 - Discovered by: Andrea Bodei - A2SECURE - Severity: 4.3/10 CVSSv2 Base Scored Products and affected versions: JUNOS up to 11.4 probably 12.1 and 12.3 vulnerable...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/11/15 12:0 a.m.39 views

Juniper Junos EmbedThis AppWeb error Parameter XSS

The version of Junos installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'error' parameter of the 'index.php' script. An attacker may be able to leverage this issue to inject arbitrary HTML and script co...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/08/02 12:0 a.m.55 views

Appweb HTTP Server Version

The remote host is running the Appweb HTTP Server, an open source web server. It was possible to read its version number from the banner. Note that 'Embedthis' used to be known as 'Mbedthis' and 'Appweb' used to be known as 'AppWeb'. C Tenable Network Security, Inc. include"compat.inc"; if...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/08/02 12:0 a.m.56 views

Appweb 3.1.x / 3.2.x / 3.3.x < 3.3.3 mprUrlEncode Function Heap Overflow Vulnerability

According to its banner, the version of Appweb installed on the remote host is 3.1.x, 3.2.x or 3.3.x earlier than 3.3.3. It is, therefore, potentially affected by a heap-based buffer overflow vulnerability caused by a casting error in the function 'mprUrlEncode' in the file 'src/mpr/mprLib.c'. No...

5.7AI score
Exploits0References3
OpenVAS
OpenVAS
added 2011/12/02 12:0 a.m.71 views

Mbedthis AppWeb HTTP TRACE Method Cross-Site Scripting Vulnerability

The host is running Mbedthis AppWeb Server and is prone to cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbmbedthiswebapphttptracemethodxssvuln.nasl 7052 2017-09-04 11:50:51Z teissa $ Mbedthis AppWeb HTTP TRACE Method Cross-Site Scripting Vulnerability Authors: Rachana Shett...

4.3CVSS6.2AI score0.01454EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2011/12/02 12:0 a.m.64 views

Mbedthis AppWeb HTTP TRACE Method Cross-Site Scripting Vulnerability

Mbedthis AppWeb Server is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6AI score0.01454EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2011/01/03 12:0 a.m.13 views

Appweb Web Server Cross Site Scripting Vulnerability

Appweb is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal...

7AI score
Exploits0References4
OpenVAS
OpenVAS
added 2011/01/03 12:0 a.m.18 views

Appweb Web Server <= 3.2.2-1 XSS Vulnerability - Active Check

Appweb is prone to a cross-site scripting XSS vulnerability because it fails to properly sanitize user-supplied input. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.2AI score
Exploits0References2
Packet Storm
Packet Storm
added 2010/12/25 12:0 a.m.20 views

Embedthis Appweb Web Server 3.2.2-1 Cross Site Scripting

Embedthis Appweb Web Server 3.2.2-1 Ejscript Remote XSS Vulnerability Vendor: Embedthis Software LLC Product web page: http://www.appwebserver.org, http://www.ejscript.org Version affected: 3.2.2-1 Summary: Appweb has a multi-threaded, event-driven, core to deliver exceptional throughput, respons...

Exploits0
Rows per page
Query Builder