Lucene search
K

8 matches found

Circl
Circl
added 2024/11/10 12:0 a.m.46 views

CVE-2017-10974

creationtimestamp| type| source ---|---|--- 2024-11-10 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-11-10 2024-12-14 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-12-14 2024-12-15 00:00:00+00:00| seen| The Shadowserver...

7.5CVSS7.1AI score0.81028EPSS
In wildExploits5References3
NVD
NVD
added 2017/07/07 11:29 a.m.21 views

CVE-2017-10974

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...

7.5CVSS7.5AI score0.81028EPSS
Exploits5References3
Cvelist
Cvelist
added 2017/07/07 11:0 a.m.24 views

CVE-2017-10974

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...

7.5AI score0.81028EPSS
Exploits5References3
CVE
CVE
added 2017/07/07 11:0 a.m.94 views

CVE-2017-10974

Yaws 1.91 is affected by an unauthenticated local file inclusion through HTTP directory traversal using an initial /%5C../ sequence to port 8080. The root cause is improper handling of a backslash-dot-dot variant that defeats traversal protections, enabling access to local files (including sensit...

7.5CVSS7.4AI score0.81028EPSS
In wildExploits5References3Affected Software1
Debian CVE
Debian CVE
added 2017/07/07 11:0 a.m.33 views

CVE-2017-10974

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...

7.5CVSS3.1AI score0.81028EPSS
Exploits5
0day.today
0day.today
added 2017/07/07 12:0 a.m.60 views

Yaws 1.91 - Remote File Disclosure Vulnerability

Exploit for multiple platform in category remote exploits + Credits: John Page aka hyp3rlinx Vendor: ========== yaws.hyber.org Product: =========== Yaws v1.91 Yet Another Web Server Yaws is a HTTP high perfomance 1.1 webserver particularly well suited for dynamic-content web applications. Two...

5CVSS7.6AI score0.81028EPSS
Exploits5
Packet Storm
Packet Storm
added 2017/07/07 12:0 a.m.50 views

Yaws 1.91 Unauthenticated Remote File Disclosure

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt + ISR: ApparitionSec Vendor: ========== yaws.hyber.org Product: =========== Yaws v1.91 Yet Another Web Server...

7.5AI score0.81028EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/07/07 12:0 a.m.74 views

Yaws 1.91 - Remote File Disclosure

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt + ISR: ApparitionSec Vendor: ========== yaws.hyber.org Product: =========== Yaws v1.91 Yet Another Web Server...

7.5CVSS7.6AI score0.81028EPSS
Exploits5
Rows per page
Query Builder