CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6025
https://notcve.org/view.php?id=CVE-2017-6025
19 May 2017 — A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the applicatio... • http://www.securityfocus.com/bid/97174 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-6027
https://notcve.org/view.php?id=CVE-2017-6027
19 May 2017 — An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution. Se detectó un problema de carga arbitraria de archivo... • http://www.securityfocus.com/bid/97174 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-4533
https://notcve.org/view.php?id=CVE-2008-4533
10 Oct 2008 — Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Kantan WEB Server v1.8 y versiones anteriores que permite a atacantes remotos insertar una secuencia arbitraria de comandos web o HTML a través de vectores no especificados • http://jvn.jp/en/jp/JVN94163107/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •