Page 6 of 33 results (0.009 seconds)

CVSS: 9.8EPSS: 26%CPEs: 1EXPL: 1

An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de desbordamiento de búfer basado en pila en la funcionalidad de análisis sintáctico de paquetes MQTT de Cesanta Mongoose 6.8. Un paquete MQTT SUBSCRIBE especialmente manipulado puede provocar un desbordamiento de búfer basado en pila que daría lugar a la ejecución remota de código. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0401 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de uso de memoria previamente liberada en la implementación del servidor HTTP de Cesanta Mongoose 6.8. Una petición POST HTTP normal con un objetivo CGI puede provocar que un puntero previamente liberado se vuelva a utilizar, resultando en una ejecución remota de código. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0398 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability. Existe un error de programación de bucle infinito en la funcionalidad del servidor DNS en la biblioteca Cesanta Mongoose 6.8. Una petición DNS especialmente manipulada puede provocar un bucle infinito, resultando en un gran uso de CPU y una denegación de servicio. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability. Existe una vulnerabilidad explotable de corrupción de memoria en la implementación del protocolo Websocket de Cesanta Mongoose 6.8. Un paquete websocket especialmente manipulado puede provocar que un búfer se asigne dejando punteros obsoletos. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0429 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 47%CPEs: 3EXPL: 2

Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011. Desbordamiento de buffer de pila en (1) la función put_dir de mongoose.c de Mongoose 3.0, (2) la función put_dir de yasslEWS.c de yaSSL Embedded Web Server (yasslEWS) 0.2 y (3) la función _shttpd_put_dir de io_dir.c de Simple HTTPD (shttpd) 1.42. Permite a atacantes remotos ejecutar código arbitrario a través de una petición HTTP PUT, como se ha demostrado en ataques en el 2011. • https://www.exploit-db.com/exploits/17658 https://www.exploit-db.com/exploits/17669 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065273.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065505.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html http://secunia.com/advisories/45464 http://secunia.com/advisories/45902 http://securityreason.com/securityalert/8337 http://www.openwall.com/lists/oss-security/2011/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •