8 results (0.007 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. ZEROF Web Server versión 2.0 permite una inyección SQL de /HandleEvent • https://awillix.ru https://github.com/landigv/research/blob/main/cve/CVE-2022-25322.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

ZEROF Web Server 2.0 allows /admin.back XSS. ZEROF Web Server versión 2.0 permite un ataque de tipo XSS en /admin.back • https://awillix.ru https://github.com/awillix/research/blob/main/cve/CVE-2022-25323.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code. Se detectó un problema de desbordamiento del búfer de pila en el Servidor Web de 3S-Smart Software Solutions GmbH CODESYS. • http://www.securityfocus.com/bid/97174 https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution. Se detectó un problema de carga arbitraria de archivos en el Servidor Web de 3S-Smart Software Solutions GmbH CODESYS. Las siguientes versiones del Servidor Web de CODESYS, parte del programa de visualización del navegador web WebVisu de CODESYS, están afectadas: el Servidor Web de CODESYS versiones 2.3 y anteriores. • http://www.securityfocus.com/bid/97174 https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 0

Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Hitachi Web Server 01-00 hasta 03-10, tal y como se usa en determinados productos Cosminexus, permite a atacantes remotos inyectar scripts web o HTML de su elección mediante peticiones HTTP no especificadas que disparan la creación de una página estado-de-servidor. • http://osvdb.org/42027 http://secunia.com/advisories/27421 http://www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html http://www.securityfocus.com/bid/26271 http://www.vupen.com/english/advisories/2007/3666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •