Lucene search
+L

191 matches found

Prion
Prion
added 2020/09/09 7:15 p.m.25 views

Design/Logic Flaw

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection...

6.8CVSS9.4AI score0.03354EPSS
Exploits2References7Affected Software3
UbuntuCve
UbuntuCve
added 2020/09/09 7:15 p.m.27 views

CVE-2020-24379

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection...

9.8CVSS7.2AI score0.03354EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2020/09/09 7:15 p.m.56 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

10CVSS7.2AI score0.17374EPSS
Exploits3References4
OSV
OSV
added 2020/09/09 7:15 p.m.4 views

UBUNTU-CVE-2020-24379

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection...

9.8CVSS7.3AI score0.03354EPSS
Exploits2References5
OSV
OSV
added 2020/09/09 7:15 p.m.3 views

UBUNTU-CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

9.8CVSS7.3AI score0.17374EPSS
Exploits3References5
CVE
CVE
added 2020/09/09 6:10 p.m.142 views

CVE-2020-24916

CVE-2020-24916 affects the Yaws web server CGI implementation, with versions 1.81–2.0.7 vulnerable. The root cause is that CGI requests are not properly sanitized, enabling a remote attacker to execute arbitrary shell commands by crafting CGI executable names. This is a remote, unauthenticated co...

10CVSS9.4AI score0.17374EPSS
Exploits3References7Affected Software1
Debian CVE
Debian CVE
added 2020/09/09 6:10 p.m.42 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

10CVSS4AI score0.17374EPSS
Exploits3
Cvelist
Cvelist
added 2020/09/09 6:10 p.m.39 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

9.6AI score0.17374EPSS
Exploits3References7
Debian CVE
Debian CVE
added 2020/09/09 6:10 p.m.25 views

CVE-2020-24379

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection...

9.8CVSS4.7AI score0.03354EPSS
Exploits2
CVE
CVE
added 2020/09/09 6:10 p.m.108 views

CVE-2020-24379

CVE-2020-24379 affects Yaws, a Erlang-based HTTP server. The WebDAV implementation in Yaws versions 1.81–2.0.7 is vulnerable to a XML External Entity (XXE) injection in input handling. Exploitation could lead to sensitive data exposure via XXE. Public fixes exist: Debian/Ubuntu advisories update ...

9.8CVSS9.3AI score0.03354EPSS
Exploits2References7Affected Software1
Cvelist
Cvelist
added 2020/09/09 6:10 p.m.36 views

CVE-2020-24379

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection...

9.5AI score0.03354EPSS
Exploits2References7
Packet Storm
Packet Storm
added 2020/09/08 12:0 a.m.680 views

Yaws 2.0.7 XML Injection / Command Injection

Exploit Title: Multiple vulnerabilities in Yaws web server Date: 2020-08-10 Exploit Author: Alexey Pronin (vulnbe) Vendor Homepage: http://yaws.hyber.org/ Software Link: https://github.com/erlyaws/yaws Versions affected: 1.81 - 2.0.7 CVE: CVE-2020-24379, CVE-2020-24916 1. Description:...

0.1AI score0.17374EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2020/08/28 12:0 a.m.4 views

PT-2020-5768 · Yaws +1 · Yaws +1

Name of the Vulnerable Software and Affected Versions: Yaws versions 1.81 through 2.0.7 Description: The issue is related to the CGI implementation in the Yaws web server, which is associated with incorrect cleaning of CGI requests. This can allow a remote attacker to access confidential data,...

10CVSS9.4AI score0.17374EPSS
Exploits4References29
Positive Technologies
Positive Technologies
added 2020/08/17 12:0 a.m.4 views

PT-2020-5795 · Yaws +1 · Yaws Webserver +1

Name of the Vulnerable Software and Affected Versions: Yaws web server versions 1.81 through 2.0.7 Description: The issue is related to the implementation of WebDAV in the Yaws web server, which is vulnerable to XXE injection. This could allow a remote attacker to access confidential data,...

10CVSS9.2AI score0.17374EPSS
Exploits4References29
GithubExploit
GithubExploit
added 2020/08/06 9:1 a.m.6 views

Exploit for OS Command Injection in Yaws

OS command injection in Yaws web server CVE-2020-24916 P...

10CVSS8AI score0.17374EPSS
Exploits3
CNVD
CNVD
added 2020/05/18 12:0 a.m.4 views

Yaws Encryption Problem Vulnerability

Yaws is a web server written in the Erlang language. A cryptographic issue vulnerability exists in yawsconfig.erl in Yaws versions 2.0.2 and 2.0.7. No detailed vulnerability details are provided at this time...

5.5CVSS7.6AI score0.00389EPSS
Exploits1References1
NVD
NVD
added 2020/05/15 7:15 p.m.34 views

CVE-2020-12872

yawsconfig.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0...

5.5CVSS5.4AI score0.00389EPSS
Exploits1References5
OSV
OSV
added 2020/05/15 7:15 p.m.30 views

CVE-2020-12872

yawsconfig.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0...

5.5CVSS6.8AI score0.00389EPSS
Exploits1References5
OSV
OSV
added 2020/05/15 7:15 p.m.3 views

DEBIAN-CVE-2020-12872

yawsconfig.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0...

5.5CVSS6.1AI score0.00389EPSS
Exploits1References1
Prion
Prion
added 2020/05/15 7:15 p.m.20 views

Design/Logic Flaw

yawsconfig.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0...

2.1CVSS5.8AI score0.00389EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder