9 results (0.004 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. ZEROF Web Server versión 2.0 permite una inyección SQL de /HandleEvent • https://awillix.ru https://github.com/landigv/research/blob/main/cve/CVE-2022-25322.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

ZEROF Web Server 2.0 allows /admin.back XSS. ZEROF Web Server versión 2.0 permite un ataque de tipo XSS en /admin.back • https://awillix.ru https://github.com/awillix/research/blob/main/cve/CVE-2022-25323.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code. Se detectó un problema de desbordamiento del búfer de pila en el Servidor Web de 3S-Smart Software Solutions GmbH CODESYS. • http://www.securityfocus.com/bid/97174 https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution. Se detectó un problema de carga arbitraria de archivos en el Servidor Web de 3S-Smart Software Solutions GmbH CODESYS. Las siguientes versiones del Servidor Web de CODESYS, parte del programa de visualización del navegador web WebVisu de CODESYS, están afectadas: el Servidor Web de CODESYS versiones 2.3 y anteriores. • http://www.securityfocus.com/bid/97174 https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.3EPSS: 1%CPEs: 295EXPL: 0

Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794. Desbordamiento de búfer en Hitachi Cosminexus V4 a la V8, Processing Kit para XML, y Developer's Kit para Java, usado en productos como uCosminexus, Electronic Form Workflow, Groupmax, e IBM XL C/C++ Enterprise Edition 7 y 8, permite a atacantes remotos tener un impacto desconocido a través de vectores relacionados con el uso del procesamiento de imágenes GIF mediante APIs para aplicaciones Java. Cuestión distinta del CVE-2007-3794. • http://osvdb.org/57834 http://secunia.com/advisories/36622 http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html http://www.securityfocus.com/bid/36309 http://www.vupen.com/english/advisories/2009/2574 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •