CVE-2017-6027
https://notcve.org/view.php?id=CVE-2017-6027
An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution. Se detectó un problema de carga arbitraria de archivos en el Servidor Web de 3S-Smart Software Solutions GmbH CODESYS. Las siguientes versiones del Servidor Web de CODESYS, parte del programa de visualización del navegador web WebVisu de CODESYS, están afectadas: el Servidor Web de CODESYS versiones 2.3 y anteriores. • http://www.securityfocus.com/bid/97174 https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2008-4533
https://notcve.org/view.php?id=CVE-2008-4533
Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Kantan WEB Server v1.8 y versiones anteriores que permite a atacantes remotos insertar una secuencia arbitraria de comandos web o HTML a través de vectores no especificados • http://jvn.jp/en/jp/JVN94163107/index.html http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000060.html http://secunia.com/advisories/31917 http://www.osvdb.org/48222 http://www.securityfocus.com/bid/31244 https://exchange.xforce.ibmcloud.com/vulnerabilities/45242 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-5809
https://notcve.org/view.php?id=CVE-2007-5809
Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Hitachi Web Server 01-00 hasta 03-10, tal y como se usa en determinados productos Cosminexus, permite a atacantes remotos inyectar scripts web o HTML de su elección mediante peticiones HTTP no especificadas que disparan la creación de una página estado-de-servidor. • http://osvdb.org/42027 http://secunia.com/advisories/27421 http://www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html http://www.securityfocus.com/bid/26271 http://www.vupen.com/english/advisories/2007/3666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-5810
https://notcve.org/view.php?id=CVE-2007-5810
Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature. Hitachi Web Server 01-00 hasta 03-00-01, tal y como se usa en determinados productos Cosminexus, no valida apropiadamente certificados SSL cliente, lo cual podría permitir a atacantes remotos suplantar autenticación mediante un certificado cliente con una firma falsificada. • http://osvdb.org/42026 http://secunia.com/advisories/27421 http://www.hitachi-support.com/security_e/vuls_e/HS07-034_e/index-e.html http://www.securityfocus.com/bid/26271 http://www.vupen.com/english/advisories/2007/3666 • CWE-20: Improper Input Validation •
CVE-2007-4530
https://notcve.org/view.php?id=CVE-2007-4530
Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en TeamSpeak Server 2.0.20.1 permite a atacantes remotos inyectar scripts web o HTML de su elección mediante (1) el parámetro error_text en error_box.html ó (2) el parámetro ok_title en ok_box.html. • http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0165.html http://osvdb.org/36048 http://osvdb.org/36049 http://secunia.com/advisories/25242 http://securityvulns.com/Rdocument6.html http://www.securityfocus.com/archive/1/477424/100/0/threaded http://www.securityfocus.com/bid/23933 https://exchange.xforce.ibmcloud.com/vulnerabilities/34252 •