32 matches found
CVE-2022-45291
PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor ...
BPL Medical Technologies PWS-01-BT and BPL Be Well Android Application
1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Low attack complexity/public exploits are available Vendor: BPL Medical Technologies Equipment: PWS-01-BT, Be Well Android App Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of...
CVE-2024-34463
BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. The packet data also lacks authentication and integrity protection...
Hardcoded credentials
PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor ...
CVE-2022-45291
CVE-2022-45291 affects the PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS 2012_lts. The vulnerability enables remote code execution by injecting PHP into settings.php, with exploitation paths including PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_ea...
GHSA-MPV3-G527-FQRJ Cloud Foundry Runtime Cross-Site Request Forgery vulnerability
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks...
Cloud Foundry Runtime Cross-Site Request Forgery vulnerability
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks...
mic-pws-acc.trimm.net Cross Site Scripting vulnerability OBB-2472812
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2018-16660
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation...
Imperva SecureSphere 13.x PWS Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Imperva SecureSphere PWS Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Imperva SecureSphere...
Imperva SecureSphere 13.x PWS Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in Imperva SecureSphere version 13.x. The vulnerability exists in the PWS service, where Python CGIs did not properly sanitize user-supplied command parameters and passed them directly to the corresponding CLI utility, leading to comma...
Imperva SecureSphere PWS Command Injection
This module exploits a command injection vulnerability in Imperva SecureSphere 13.x. The vulnerability exists in the PWS service, where Python CGIs didn't properly sanitize user-supplied command parameters and passed them directly to the corresponding CLI utility, leading to command injection. Agent...
CVE-2018-19646
CVE-2018-19646 affects Imperva SecureSphere Personal Web Server (PWS) CGI scripts. Vulnerable component: Python CGI scripts in PWS versions 13.0.10, 13.1.10, and 13.2.10. Root cause: command-line arguments are mishandled, allowing remote attackers to execute arbitrary OS commands. Impact: high se...
Security Bulletin: Apache Struts Vulnerability CVE-2017-9791 will not affect PSS products
Summary The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. Among all the PSS products LSF, PPM, RTM, PWS, only PWS 9.1 and 9.1.3 have Struts libs in the package. However, PWS will not use the libs...
MS IIS 3.0/4.0/5.0 PWS Escaped Characters Decoding Command Execution (1)
No description provided by source. source: http://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, it automatically performs two actions before...
Microsoft FrontPage Personal WebServer 1.0 PWS DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/568/info A 'GET' request for a URL longer than 166 characters will overflow a buffer and cause the web server to crash with the following or similar error message: VHTTPD32 caused an invalid page fault in module...
MS IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (6)
No description provided by source. / iisex iis exploit - nost's idea v2 -------------------------------------- Okay.. the first piece of code was not really finished. So, i apologize to everybody.. by incubus [email protected] grtz to: Bio, nos, zoa, reg and vor... who else would stay up at nig...
MS IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot ../ directory traversal exploitation if extended UNICODE character representations are used in substitution for / and . Unauthenticated users may acces...