Lucene search
K

6 matches found

NVD
NVD
added 2017/09/07 1:29 p.m.17 views

CVE-2017-11567

Cross-site request forgery CSRF vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to mgadmin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely...

8.8CVSS9.2AI score0.04135EPSS
Exploits5References3
CVE
CVE
added 2017/09/07 1:0 p.m.74 views

CVE-2017-11567

CVE-2017-11567 concerns the Mongoose Web Server (Free Edition) where a CSRF vulnerability exists in versions before 6.9. The issue allows remote attackers to hijack user authentication to perform requests that modify Mongoose.conf via a request to __mg_admin?save, and this note states it can be l...

8.8CVSS9.2AI score0.04135EPSS
Exploits5References3Affected Software1
0day.today
0day.today
added 2017/09/05 12:0 a.m.39 views

Mongoose Web Server 6.5 CSRF / Command Execution Vulnerability

Mongoose Web Server version 6.5 suffers from cross site request forgery and remote command execution vulnerabilities. + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt +...

6.8CVSS9AI score0.04135EPSS
Exploits5
Packet Storm
Packet Storm
added 2017/09/05 12:0 a.m.57 views

Mongoose Web Server 6.5 CSRF / Command Execution

Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt + ISR: apparitionSec Vendor: =============== www.cesanta.com Product: ================== Mongoose Web Server Free Edition...

8.8AI score0.04135EPSS
Exploits5
exploitpack
exploitpack
added 2017/09/04 12:0 a.m.30 views

Mongoose Web Server 6.5 - Cross-Site Request Forgery Remote Code Execution

Mongoose Web Server 6.5 - Cross-Site Request Forgery Remote Code Execution + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt + ISR: apparitionSec Vendor: ===============...

6.8CVSS0.04135EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/09/04 12:0 a.m.43 views

Mongoose Web Server 6.5 - Cross-Site Request Forgery / Remote Code Execution

Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt + ISR: apparitionSec Vendor: =============== www.cesanta.com Product: ================== Mongoose Web Server Free Edition...

8.8CVSS8.8AI score0.04135EPSS
Exploits5
Rows per page
Query Builder