Cesanta Mongoose Websocket Protocol Packet Length Code Execution Vulnerability
Summary An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow leading to a heap buffer overflow, resulting in denial of service and potential remote code...
Cesanta Mongoose MQTT SUBSCRIBE Topic Length Information Leak
Summary An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read, potentially resulting in information disclosure and denial of service. An...
Cesanta Mongoose MQTT SUBSCRIBE Multiple Topics Remote Code Execution
Summary An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT...
Cesanta Mongoose MQTT Payload Length Remote Code Execution
Summary An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and...
Cesanta Mongoose HTTP Server CGI Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause reuse of a previously freed pointer, potentially resulting in remote code execution. An attacker needs to send this HTTP...
Mongoose Embedded Web Server Library 6.8 Buffer Overflow Exploit
Exploit for multiple platform in category remote exploits Product: Mongoose Embedded Web Server Library Vendor: Cesanta CVE ID: Not yet assigned. CSNC ID: CSNC-2017-023 Subject: Stack based buffer overflow Risk: High Effect: Remotely exploitable Author: Dobin Rutishauser Date: 2017-09-20...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely...
CVE-2017-11567
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely...
CVE-2017-11567
CVE-2017-11567 concerns the Mongoose Web Server (Free Edition) where a CSRF vulnerability exists in versions before 6.9. The issue allows remote attackers to hijack user authentication to perform requests that modify Mongoose.conf via a request to __mg_admin?save, and this note states it can be l...
Mongoose Web Server Cross-Site Request Forgery Vulnerability
Mongoose Web Server is a web service program. A cross-site request forgery vulnerability exists in Mongoose Web Server because the application fails to properly validate HTTP requests. A remote attacker could exploit the vulnerability to perform certain unauthorized actions and acce...
Mongoose Web Server 6.5 CSRF / Command Execution Vulnerability
Mongoose Web Server version 6.5 suffers from cross site request forgery and remote command execution vulnerabilities. + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt +...
Mongoose Web Server 6.5 CSRF / Command Execution
Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt + ISR: apparitionSec Vendor: =============== www.cesanta.com Product: ================== Mongoose Web Server Free Edition...
Mongoose Web Server 6.5 - Cross-Site Request Forgery Remote Code Execution
Mongoose Web Server 6.5 - Cross-Site Request Forgery Remote Code Execution + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt + ISR: apparitionSec Vendor: ===============...
Mongoose Web Server 6.5 - Cross-Site Request Forgery / Remote Code Execution
Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt + ISR: apparitionSec Vendor: =============== www.cesanta.com Product: ================== Mongoose Web Server Free Edition...
Cesanta Mongoose Embedded Web Server Library and Mongoose OS Memory Misreference Vulnerability
Cesanta Mongoose Embedded Web Server Library and Mongoose OS are both products of the American company Cesanta. The former is a web library for embedded web servers; the latter is an open source operating system for the Internet of Things. A memory misreference exists in the...
CVE-2017-7185
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service crash via a multipart/form-data POST request without a MIM...