191 matches found
Design/Logic Flaw
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection...
CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection...
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...
UBUNTU-CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection...
UBUNTU-CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...
CVE-2020-24916
CVE-2020-24916 affects the Yaws web server CGI implementation, with versions 1.81–2.0.7 vulnerable. The root cause is that CGI requests are not properly sanitized, enabling a remote attacker to execute arbitrary shell commands by crafting CGI executable names. This is a remote, unauthenticated co...
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...
CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection...
CVE-2020-24379
CVE-2020-24379 affects Yaws, a Erlang-based HTTP server. The WebDAV implementation in Yaws versions 1.81–2.0.7 is vulnerable to a XML External Entity (XXE) injection in input handling. Exploitation could lead to sensitive data exposure via XXE. Public fixes exist: Debian/Ubuntu advisories update ...
CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection...
Yaws 2.0.7 XML Injection / Command Injection
Exploit Title: Multiple vulnerabilities in Yaws web server Date: 2020-08-10 Exploit Author: Alexey Pronin (vulnbe) Vendor Homepage: http://yaws.hyber.org/ Software Link: https://github.com/erlyaws/yaws Versions affected: 1.81 - 2.0.7 CVE: CVE-2020-24379, CVE-2020-24916 1. Description:...
PT-2020-5768 · Yaws +1 · Yaws +1
Name of the Vulnerable Software and Affected Versions: Yaws versions 1.81 through 2.0.7 Description: The issue is related to the CGI implementation in the Yaws web server, which is associated with incorrect cleaning of CGI requests. This can allow a remote attacker to access confidential data,...
PT-2020-5795 · Yaws +1 · Yaws Webserver +1
Name of the Vulnerable Software and Affected Versions: Yaws web server versions 1.81 through 2.0.7 Description: The issue is related to the implementation of WebDAV in the Yaws web server, which is vulnerable to XXE injection. This could allow a remote attacker to access confidential data,...
Exploit for OS Command Injection in Yaws
OS command injection in Yaws web server CVE-2020-24916 P...
Yaws Encryption Problem Vulnerability
Yaws is a web server written in the Erlang language. A cryptographic issue vulnerability exists in yawsconfig.erl in Yaws versions 2.0.2 and 2.0.7. No detailed vulnerability details are provided at this time...
CVE-2020-12872
yawsconfig.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0...
CVE-2020-12872
yawsconfig.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0...
DEBIAN-CVE-2020-12872
yawsconfig.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0...
Design/Logic Flaw
yawsconfig.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0...