CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25322
https://notcve.org/view.php?id=CVE-2022-25322
18 Feb 2022 — ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. ZEROF Web Server versión 2.0 permite una inyección SQL de /HandleEvent • https://awillix.ru • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 7%CPEs: 1EXPL: 1CVE-2022-25323
https://notcve.org/view.php?id=CVE-2022-25323
18 Feb 2022 — ZEROF Web Server 2.0 allows /admin.back XSS. ZEROF Web Server versión 2.0 permite un ataque de tipo XSS en /admin.back • https://awillix.ru • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6025
https://notcve.org/view.php?id=CVE-2017-6025
19 May 2017 — A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the applicatio... • http://www.securityfocus.com/bid/97174 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-6027
https://notcve.org/view.php?id=CVE-2017-6027
19 May 2017 — An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution. Se detectó un problema de carga arbitraria de archivo... • http://www.securityfocus.com/bid/97174 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 89%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 94%CPEs: 345EXPL: 135CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 44EXPL: 0CVE-2007-5809
https://notcve.org/view.php?id=CVE-2007-5809
05 Nov 2007 — Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Hitachi Web Server 01-00 hasta 03-10, tal y como se usa en determinados productos Cosminexus, permite a atacantes remotos inyectar scripts web o HTML de su elección mediante petic... • http://osvdb.org/42027 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2007-5810
https://notcve.org/view.php?id=CVE-2007-5810
05 Nov 2007 — Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature. Hitachi Web Server 01-00 hasta 03-00-01, tal y como se usa en determinados productos Cosminexus, no valida apropiadamente certificados SSL cliente, lo cual podría permitir a atacantes remotos suplantar autenticación mediante un certificado cliente con una firma falsif... • http://osvdb.org/42026 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 5%CPEs: 2EXPL: 1CVE-2007-3956 – TeamSpeak 2.0 (Windows Release) - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-3956
24 Jul 2007 — TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534. TeamSpeak WebServer 2.0 para Windows no valida la longitud del valor del parámetro y no expiran las sesiones TCP, lo cual permite a atacantes remotos provocar denegación de servicio (consumo de CPU y memoria)a través de los... • https://www.exploit-db.com/exploits/4205 •
CVSS: 7.5EPSS: 5%CPEs: 252EXPL: 0CVE-2004-0079
https://notcve.org/view.php?id=CVE-2004-0079
18 Mar 2004 — The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. La función do_change_cipher_spec en OpenSSL 0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegación de servicio (caída) mediante una hábil unión SSL/TLS que provoca un puntero nulo. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc • CWE-476: NULL Pointer Dereference •