EUVD-2015-1147

Malware in sbrugna...

EUVD-2015-1149

Malware in sbrugna...

CVE-2015-1005

IniNet embeddedWebServer aka eWebServer before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors...

CVE-2015-1003

Directory traversal vulnerability in IniNet embeddedWebServer aka eWebServer before 2.02 allows remote attackers to read arbitrary files via a crafted pathname...

Directory traversal

Directory traversal vulnerability in IniNet embeddedWebServer aka eWebServer before 2.02 allows remote attackers to read arbitrary files via a crafted pathname...

CVE-2015-1001

Multiple stack-based buffer overflows in IniNet embeddedWebServer aka eWebServer before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request...

Stack overflow

Multiple stack-based buffer overflows in IniNet embeddedWebServer aka eWebServer before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request...

Default credentials

IniNet embeddedWebServer aka eWebServer before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors...

Spoofing

IniNet embeddedWebServer aka eWebServer before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string...

CVE-2015-1005

IniNet embeddedWebServer (eWebServer) for Windows CE, prior to version 2.02, stores passwords in cleartext (CWE-312). This creates confidentiality risks for context-dependent attackers who may obtain credentials through unspecified vectors. The vulnerability is not remotely exploitable per availa...

CVE-2015-1002

IniNet embeddedWebServer (aka eWebServer) prior to version 2.02 is vulnerable to an Improper Handling of URL Encoding (HEX Encoding) that can allow remote attackers to write to or delete files via a crafted string. The CVE-2015-1002 entry is corroborated by multiple sources (NVD/NVD-derived) and ...

CVE-2015-1003

CVE-2015-1003 concerns the IniNet embeddedWebServer (aka eWebServer) prior to version 2.02, where a path traversal vulnerability (CWE-22) allows remote attackers to read arbitrary OS files via crafted pathname. Public sources consistently describe this as a directory traversal flaw in the SCADA W...

CVE-2015-1002

IniNet embeddedWebServer aka eWebServer before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string...

CVE-2015-1003

Directory traversal vulnerability in IniNet embeddedWebServer aka eWebServer before 2.02 allows remote attackers to read arbitrary files via a crafted pathname...

CVE-2015-1005

IniNet embeddedWebServer aka eWebServer before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors...

CVE-2015-1001

Multiple stack-based buffer overflows in IniNet embeddedWebServer aka eWebServer before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request...

CVE-2015-1001

The CVE-2015-1001 affects IniNet Solutions SCADA Web Server (embeddedWebServer/eWebServer) prior to version 2.02. Multiple stack-based buffer overflows occur when parsing HTTP requests with long fields, leading to remote arbitrary code execution. Affected product is the IniNet SCADA Web Server (t...

IniNet Solutions embeddedWebServer Cleartext Storage Vulnerability

OVERVIEW Aleksandr Timorin of Positive Technologies has identified a cleartext storage of sensitive information vulnerability in IniNet Solutions GmbH’s embeddedWebServer eWebServer. IniNet Solutions GmbH has produced a new version that mitigates this vulnerability. AFFECTED PRODUCTS The followin...