4 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information. Se puede acceder a la clave privada del servidor web en Moxa MXview, en versiones 2.8 y anteriores, mediante una petición HTTP GET. Esto podría permitir que un atacante remoto descifre información cifrada. • http://www.securityfocus.com/bid/103722 https://ics-cert.us-cert.gov/advisories/ICSA-18-095-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. Se ha descubierto un problema en Moxa MXview v2.8 y anteriores. La vulnerabilidad de escalado de ruta de servicio sin entrecomillar podría permitir que un usuario autorizado con acceso de archivo escale privilegios insertando código arbitrario en la ruta del servicio sin entrecomillar. • http://www.securityfocus.com/bid/102494 https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02 • CWE-428: Unquoted Search Path or Element •

CVSS: 7.5EPSS: 13%CPEs: 1EXPL: 3

Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials. Moxa MXView 2.8 permite a los atacantes remotos provocar una denegación de servicio mediante el envío excesivo de carga útil basura para las credenciales de inicio de sesión del cliente MXView. Moxa MXView version 2.8 suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/41851 http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-DENIAL-OF-SERVICE.txt http://seclists.org/fulldisclosure/2017/Apr/50 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 75%CPEs: 1EXPL: 4

Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control. Moxa MXView 2.8 permite a atacantes remotos leer el archivo de clave privada del servidor web, sin control de acceso. Moxa MXview version 2.8 suffers from a remote private key disclosure vulnerability. • https://www.exploit-db.com/exploits/41850 http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt http://packetstormsecurity.com/files/142074/Moxa-MXview-2.8-Private-Key-Disclosure.html http://seclists.org/fulldisclosure/2017/Apr/49 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •