191 matches found
Yaws 1.91 - Local File Inclusion
Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080. id: CVE-2017-10974 info: name: Yaws 1.91 - Local File Inclusion author: 0xAkoko severity: high description: Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080. impact: |...
EUVD-2020-5153
Malware in sbrugna...
EUVD-2009-4461
Malware in sbrugna...
EUVD-2020-17111
Malware in sbrugna...
EUVD-2005-2010
Malware in sbrugna...
EUVD-2010-4156
Malware in sbrugna...
EUVD-2011-4930
Malware in sbrugna...
EUVD-2016-1053
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-24379
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. CVE-2020-24379 Note that Nessus relies on the presence of the...
Linux Distros Unpatched Vulnerability : CVE-2020-24916
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. CVE-2020-24916 Note that Nessus relies on the presence of th...
Linux Distros Unpatched Vulnerability : CVE-2020-12872
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yawsconfig.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP...
Linux Distros Unpatched Vulnerability : CVE-2016-1000108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of...
Linux Distros Unpatched Vulnerability : CVE-2009-4495
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly...
Yaws Web Server Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Yaws Web Server Directory Traversal", 'Description' = %q This module exploits a directory traversal bug in Yaws v1.9.1 or less. The module can on...
VulnCheck KEV: CVE-2017-10974
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on...
SUSE CVE-2016-1000108
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...
The vulnerability of the Yaws CGI web server lies in the lack of measures to neutralize special elements, which allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Yaws CGI web server implementation is related to improper cleaning of CGI requests. Exploiting this vulnerability can allow an attacker who operates remotely to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the Yaws WebDAV server implementation lies in the improper restriction of XML links to external objects. This allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Yaws WebDAV server implementation is related to XXE injections. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
Debian DSA-4773-1 : yaws - security update
Two vulnerabilities were discovered in yaws, a high performance HTTP 1.1 webserver written in Erlang. - CVE-2020-24379 The WebDAV implementation is prone to a XML External Entity XXE injection vulnerability. - CVE-2020-24916 The CGI implementation does not properly sanitize CGI requests allowing ...