CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6025
https://notcve.org/view.php?id=CVE-2017-6025
19 May 2017 — A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the applicatio... • http://www.securityfocus.com/bid/97174 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-6027
https://notcve.org/view.php?id=CVE-2017-6027
19 May 2017 — An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution. Se detectó un problema de carga arbitraria de archivo... • http://www.securityfocus.com/bid/97174 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 44EXPL: 0CVE-2007-5809
https://notcve.org/view.php?id=CVE-2007-5809
05 Nov 2007 — Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Hitachi Web Server 01-00 hasta 03-10, tal y como se usa en determinados productos Cosminexus, permite a atacantes remotos inyectar scripts web o HTML de su elección mediante petic... • http://osvdb.org/42027 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2007-5810
https://notcve.org/view.php?id=CVE-2007-5810
05 Nov 2007 — Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature. Hitachi Web Server 01-00 hasta 03-00-01, tal y como se usa en determinados productos Cosminexus, no valida apropiadamente certificados SSL cliente, lo cual podría permitir a atacantes remotos suplantar autenticación mediante un certificado cliente con una firma falsif... • http://osvdb.org/42026 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2007-4529
https://notcve.org/view.php?id=CVE-2007-4529
25 Aug 2007 — The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2) AdminDeleteServer, (3) AdminStartServer, and (4) AdminStopServer privileges; and administration of arbitrary virtual servers via a request to a .tscmd URI with a modified serverid parameter, as demonstrated by (a) add_server.... • http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0165.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4530
https://notcve.org/view.php?id=CVE-2007-4530
25 Aug 2007 — Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en TeamSpeak Server 2.0.20.1 permite a atacantes remotos inyectar scripts web o HTML de su elección mediante (1) el parámetro error_text en error_box.html ó (2) el parámetro ok_title en ok_box.h... • http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0165.html •