896 matches found
CVE-2025-3499
The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system...
CVE-2025-3499
The CVE-2025-3499 issue affects Radiflow iSAP Smart Collector, where two management-network web servers expose unauthenticated REST APIs on ports 8084 and 8086. The underlying root cause is OS command injection via these APIs, allowing an attacker to submit arbitrary commands that execute with ad...
The vulnerabilities of web servers OZW672 and OZW772 involve a lack of protection for SQL query structures, allowing attackers to circumvent existing security restrictions.
The vulnerabilities of web servers OZW672 and OZW772 are related to the lack of measures taken to protect the SQL query structure. Exploiting these vulnerabilities allows a malicious actor to bypass existing security restrictions remotely...
Nazgul Nostromo nhttpd < 2.1 Path Traversal Vulnerability
Nazgul Nostromo nhttpd is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2023-2971
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...
CVE-1999-0012
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names...
CVE-1999-0146
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file...
Siemens OZW Web Servers Code Execution and SQL Injection Vulnerability
The OZW device web server is used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning status. A code execution and SQL injection vulnerability exists in the Siemens OZW672 and OZW772 web servers, which can be exploited by an attacker to...
Siemens OZW Web Servers
SUMMARY OZW672 and OZW772 Web Server versions contain vulnerabilities that could allow an attacker to execute arbitrary code on the device with root privileges in versions before V8.0 or to authenticate as Administrator user in versions before V6.0. Siemens has released new versions for the...
Apache Tomcat Rewrite Rule Bypass Vulnerability (Apr 2025) - Linux
Apache Tomcat is prone to a rewrite rule bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if...
Nazgul Nostromo nhttpd < 1.9.7 Multiple Directory Traversal Vulnerabilities
Nazgul Nostromo nhttpd is prone to multiple directory traversal vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to Slowloris HTTP DOS attack (CVE-2022-35639)
Summary IBM Sterling Partner Engagement Manager is vulnerable to Slowloris attack is a type of denial-of-service DoS attack which targets threaded web servers. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-35639 DESCRIPTION: IBM Sterling Partner Engagement Manager do not limi...
Allowed HTTP Methods Enumeration
Enumerates which HTTP methods are allowed. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Nginx 1.11.4 - 1.27.3 TLS Session Resumption Vulnerability
Nginx is prone to a TLS session resumption vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx";...
The vulnerabilities of web servers OZW672 and OZW772, related to the protection of user accounts, allow attackers to carry out attacks using cross-site scripting (XSS).
The vulnerabilities of web servers OZW672 and OZW772 are related to the lack of measures taken to protect the structure of web pages. Exploiting these vulnerabilities allows attackers who operate remotely to carry out attacks using cross-site scripting XSS with arbitrary JavaScript code...
aiohttp 3.10.6 < 3.10.11 Memory Leak Vulnerability - Windows
aiohttp is prone to a memory leak vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:aio-libsproject:aiohttp";...
Apache Tomcat XSS Vulnerability (Nov 2024) - Windows
Apache Tomcat is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat...
The vulnerability of Siemens SCALANCE and RUGGEDCOM industrial router web servers allows attackers to enhance their privileges.
The vulnerability of Siemens SCALANCE and RUGGEDCOM industrial router web servers lies in the inadequate isolation between user sessions. Exploiting this vulnerability can allow attackers to enhance their privileges...
Siemens OZW672和OZW772 跨站脚本漏洞
OZW devices web servers are used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning. A cross-site scripting vulnerability exists in Siemens OZW devices web servers, which can be exploited by an attacker to inject arbitrary JavaScript code...
CVE-2024-49762 Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled
Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones...