CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

cve

CVE-2009-1227

NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port...

8.3AI Score

0.12EPSS

2009-04-02 03:30 PM
60
cve

CVE-2023-4392

A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Affected by this issue is some unknown functionality of the component Cookie Handler. The manipulation leads to cleartext storage of sensitive information. The attack may be launched remotely. The complexity...

5.3CVSS

5.2AI Score

0.001EPSS

2023-08-17 03:15 AM
27
openvas

Outlook Web Access URL Injection

Due to a lack of sanitization of the user input, the remote version of Microsoft Outlook Web Access 2003 is vulnerable to URL injection which can be exploited to redirect a user to a different, unauthorized web server after authenticating to...

7AI Score

0.972EPSS

2005-11-03 12:00 AM
22
openvas

YusASP Web Asset Manager Vulnerability

YusASP Web Asset Manager is a complete file manager for your website. If left unprotected, the YusASP allows you to manage the remote...

6.8AI Score

0.006EPSS

2005-11-03 12:00 AM
13
openvas

Cherokee Web Server Detection (HTTP)

HTTP based detection of the Cherokee Web...

7.3AI Score

2020-05-20 12:00 AM
10
nuclei

OpenSIS 7.3 - SQL Injection

OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of...

9.8CVSS

9.8AI Score

0.024EPSS

2021-07-27 12:36 AM
2
nessus

Web Server info.php / phpinfo.php Detection

Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo()' for debugging purposes. Various PHP applications may also include such a file. By accessing such a file, a remote attacker can discover a large amount of information about the remote web.....

7.2AI Score

2003-02-12 12:00 AM
3151
cve

CVE-2024-25597

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS. This issue affects Ultimate Reviews: from n/a through...

7.1CVSS

6.6AI Score

0.0004EPSS

2024-03-15 02:15 PM
37
cve

CVE-2024-31084

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pulsar Web Design Weekly Class Schedule allows Reflected XSS. This issue affects Weekly Class Schedule: from n/a through...

7.1CVSS

9.3AI Score

0.0004EPSS

2024-03-31 08:15 PM
30
nessus

Cisco IOS XE Software Web UI Command Injection Vulnerability (cisco-sa-web-cmdinj4-S2TmH7GA)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more...

7.2CVSS

7.3AI Score

0.001EPSS

2020-06-05 12:00 AM
12
nessus

CKAN Web Detection

The web UI for CKAN, an open source data management system, was detected on the remote...

7.1AI Score

2023-06-02 12:00 AM
6
nessus

OpenMediaVault Web Detection

The web management interface for OpenMediaVault was detected on the remote...

1.1AI Score

2013-12-18 12:00 AM
11
nuclei

Apache Tomcat Servers - Remote Code Execution

Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to.....

8.1CVSS

8AI Score

0.967EPSS

2021-02-10 09:44 AM
15
cve

CVE-2022-41063

Microsoft Excel Remote Code Execution...

7.8CVSS

7.7AI Score

0.002EPSS

2022-11-09 10:15 PM
59
7
cve

CVE-2022-41106

Microsoft Excel Remote Code Execution...

8.8CVSS

8.1AI Score

0.013EPSS

2022-11-09 10:15 PM
63
9
nessus

Web Application Scanner

This plugin provides vulnerability detections in Web applications and Web site...

6.9AI Score

2023-08-07 12:00 AM
5
nessus

trixbox Web Detection

The web interface for trixbox, an IP-PBX application based on Asterisk, was detected on the remote...

1.1AI Score

2014-04-15 12:00 AM
8
nessus

OpenGear Web Detection

The web management interface for an OpenGear series 7x00 appliance was detected on the remote host. It is possible to extract the firmware version and model information if login credentials are...

2.7AI Score

2019-08-21 12:00 AM
9
ibm

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in spring-web-5.3.15.jar

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of spring-web-5.3.15.jar. Vulnerability Details: CVEID: CVE-2024-22243. DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect...

8.1CVSS

7.7AI Score

0.0004EPSS

2024-06-05 08:40 PM
2
osv

teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload

Description: teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. Versions prior to v0.1.1 are vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...

6.5CVSS

1.9AI Score

0.001EPSS

2023-03-01 07:19 PM
11
github

teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload

Description: teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. Versions prior to v0.1.1 are vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...

6.5CVSS

6.1AI Score

0.001EPSS

2023-03-01 07:19 PM
18
nessus

Zyxel NAS Device Web UI Detection

The remote web server hosts a Zyxel web application which indicates it is a Zyxel...

7.5AI Score

2024-06-11 12:00 AM
1
openvas

'//WEB-INF/' Information Disclosure Vulnerability (HTTP)

Various application or web servers / products are prone to an information disclosure...

7.5CVSS

7.4AI Score

0.101EPSS

2021-02-01 12:00 AM
4
openvas

Cassini / CassiniEx Web Server Detection (HTTP)

HTTP based detection of the Cassini / CassiniEx Web...

7.3AI Score

2020-03-31 12:00 AM
143
cve

CVE-2021-43256

Microsoft Excel Remote Code Execution...

7.8CVSS

7.7AI Score

0.088EPSS

2021-12-15 03:15 PM
65
cve

CVE-2021-40474

Microsoft Excel Remote Code Execution...

7.8CVSS

7.4AI Score

0.035EPSS

2021-10-13 01:15 AM
118
osv

CVE-2023-34237

SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...

9.8CVSS

8.8AI Score

0.022EPSS

2023-06-07 08:15 PM
5
cve

CVE-2021-31939

Microsoft Excel Remote Code Execution...

7.8CVSS

7.6AI Score

0.014EPSS

2021-06-08 11:15 PM
79
25
openvas

Moxa NPort Unprotected Web Console

The remote Moxa NPort Web Console is not protected by a ...

7.4AI Score

2013-02-19 12:00 AM
57
nessus

Apache ActiveMQ Web Console Default Credentials

ActiveMQ Web Console, an administrative interface for Apache ActiveMQ, is protected using default credentials. Note that no authentication mechanism was provided prior to version 5.4.0. However, in version 5.4.0, HTTP Basic Authentication was an option, and starting with version 5.8.0, this was...

7.6AI Score

2015-02-16 12:00 AM
56
nessus

Zabbix Web Interface Default Administrator Credentials

The remote Zabbix Web Interface uses a default set of credentials ('Admin' / 'zabbix') to control access to its management interface. With this information, an attacker can gain administrative access to the...

7.5AI Score

2013-11-11 12:00 AM
58
cve

CVE-2021-40472

Microsoft Excel Information Disclosure...

5.5CVSS

5.5AI Score

0.0004EPSS

2021-10-13 01:15 AM
87
nessus

FatPipe MPVPN Web Detection

The web UI for FatPipe MPVPN was detected on the remote...

7.1AI Score

2023-05-25 12:00 AM
6
nessus

Harbor Web Interface Detection

The web interface for Harbor was detected on the remote...

1.2AI Score

2019-10-17 12:00 AM
10
nessus

Commvault Web Console Detection

The web console for Commvault was detected on the remote...

0.8AI Score

2019-06-07 12:00 AM
17
nessus

AVTech Web Interface Detection

Nessus was able to detect the web interface for an AVTech device on the remote...

1AI Score

2017-10-23 12:00 AM
9
nessus

NAS4Free Web UI Detection

The remote web server is the user interface for NAS4Free, an open-source network-attached storage software distribution based on FreeBSD. NAS4Free is a direct continuation of the original FreeNAS...

2.2AI Score

2014-04-14 12:00 AM
6
nessus

Web Application Firewall Detection

By analyzing error codes and messages returned from some web queries, Nessus is able to determine that the remote web server is protected by a web application firewall. Such protection may disrupt scan results. Countermeasures have been taken to make the scan as reliable as...

2.1AI Score

2009-12-10 12:00 AM
18
rubygems

Reflected XSS in Metrics Web Page

Reflected XSS in Sidekiq Web UI via the /metrics HTTP end-point and the substr query param:...

6.2AI Score

EPSS

2024-04-25 09:00 PM
2
nessus

Checkbox Survey Web Detection

Checkbox Survey, a web application for creating surveys, was detected on the remote host. Note: If credentials for HTTP basic authentication / digest are supplied, then an attempt to retrieve the version information from the API will be...

2.2AI Score

2022-05-16 12:00 AM
11
nessus

Rancher Web Interface Detection

Rancher, a Kubernetes management platform, was detected based on the web...

1.2AI Score

2018-12-13 12:00 AM
19
nessus

AXIS Web Interface Detection

Nessus was able to detect the web interface for an AXIS device on the remote...

1.2AI Score

2017-12-12 12:00 AM
45
nessus

Grafana Labs Web Detection

The web UI for Grafana Labs was detected on the remote host. Note: The application can be reconfigured to reveal the version by setting hide_version = false under [auth.anonymous] in the grafana.ini...

7AI Score

2023-09-14 12:00 AM
4
nessus

GitLab Web UI Detection

GitLab web user interface detected on remote host. GitLab is a web-based DevOps lifecycle tool that provides a Git repository manager providing wiki, issue-tracking and continuous integration and deployment pipeline features, using an open-source license, developed by GitLab...

0.8AI Score

2021-08-11 12:00 AM
27
nessus

Apple AirPlay Web Detection

Apple AirPlay, formerly AirTunes, was detected on the remote host. It is possible to obtain information about the remote device from this service's...

1.1AI Score

2019-08-14 12:00 AM
9
nessus

Kubernetes Web API Detection

The web API for Kubernetes was detected on the remote...

0.8AI Score

2019-01-30 12:00 AM
17
nessus

NetApp OnTAP Web Detection

The web interface for NetApp OnTAP was detected on the remote...

0.3AI Score

2018-06-06 12:00 AM
6
nessus

NETGEAR Web Interface Detection

Nessus was able to detect the web administration interface for a NETGEAR device on the remote...

1.6AI Score

2017-05-22 12:00 AM
10
nessus

Graylog2 Web Interface Detection

The web interface for Graylog2, a log collection and analysis platform, was detected on the remote host. It is possible to extract version information if login credentials are provided on...

1.8AI Score

2015-02-10 12:00 AM
11
nessus

Oracle Web Determinations Detection

The remote web server hosts Oracle Web Determinations, a web-based interactive assessment system that is a component of Oracle Policy...

1.7AI Score

2014-09-12 12:00 AM
7
Total number of security vulnerabilities: 506920