Path traversal

Honeywell Notifier Web Server NWS Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem...

CVE-2020-6974

Honeywell Notifier Web Server NWS Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem...

CVE-2020-6974

The CVE-2020-6974 issue affects Honeywell Notifier Web Server (NWS) versions 3.50 and earlier, where a path traversal vulnerability can bypass access to restricted directories. Multiple sources corroborate the vulnerability and indicate a firmware update from Honeywell addresses the problem. CISA...

Authentication flaw

In Notifier Web Server NWS Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser...

CVE-2020-6972

CVE-2020-6972 affects Honeywell/NWS Notifier Web Server (NWS-3) versions 3.50 and earlier. The vulnerability is an authentication bypass by a capture-replay attack from a web browser, with CVSS v3.1 base score 9.1 (Network, Privileges None, User Interaction None; Confidentiality/Integrity High, A...

Honeywell NOTI-FIRE-NET Web Server (NWS-3)

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: NOTI-FIRE-NET Web Server NWS-3 Vulnerabilities: Authentication Bypass by Capture-replay, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

NWS Classifieds 007 Local File Inclusion

------------------------------------------------------------------------ Software................NWS Classifieds 007 Vulnerability...........Local File Inclusion Download................http://webscripts.softpedia.com/script/Ad-Management/Classified-Ads/NWS-Classifieds-35000.html Release...

NWS-Classifieds - cmd Local File Inclusion

NWS-Classifieds - cmd Local File Inclusion source: https://www.securityfocus.com/bid/43259/info NWS-Classifieds is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...

NWS-Classifieds - 'cmd' Local File Inclusion

source: https://www.securityfocus.com/bid/43259/info NWS-Classifieds is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local...

Microsoft Windows Live Email - dwmapi.dll DLL Hijacking

Microsoft Windows Live Email - dwmapi.dll DLL Hijacking / Exploit Title: Windows Live Email DLL Hijacking Exploit dwmapi.dll Date: 24/08/2010 Author: Nicolas Krassas http://twitter.com/Dinosn Version: Latest windows live suite Tested on: Windows XP SP3 The code is based on the exploit from...

Microsoft Windows Live Email - 'dwmapi.dll' DLL Hijacking

/ Exploit Title: Windows Live Email DLL Hijacking Exploit dwmapi.dll Date: 24/08/2010 Author: Nicolas Krassas http://twitter.com/Dinosn Version: Latest windows live suite Tested on: Windows XP SP3 The code is based on the exploit from "TheLeader" Vulnerable extensions: .eml .nws .rss / include...

CVE-2006-1704

Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php...

CVE-2006-1704

The CVE-2006-1704 entry concerns Sire 2.0 nws, where a flaw in upload.php allows remote attackers to upload arbitrary image files without authentication. The root cause is an unauthenticated file upload path via a direct request to upload.php, enabling an attacker to place image files on the serv...

CVE-2006-1703

CVE-2006-1703 describes a PHP remote file inclusion in lire.php of Sire 2.0 nws, allowing remote attackers to execute arbitrary PHP code via a URL in the rub parameter. Affected software: Sire 2.0 nws (lire.php). Root cause: improper handling of the rub parameter enabling remote file inclusion. I...

CVE-2006-1704

Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php...