VARIoT IoT vulnerabilities database

VAR-201806-0502 | CVE-2017-16181 | wintiwebdev Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
wintiwebdev is a static file server. wintiwebdev is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. wintiwebdev contains a path traversal vulnerability. Information may be obtained. A directory traversal vulnerability exists in wintiwebdev.
VAR-201806-0512 | CVE-2017-16191 | cypserver Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. cypserver contains a path traversal vulnerability. Information may be obtained. Cypserver has a directory traversal vulnerability.
VAR-201806-0506 | CVE-2017-16185 | uekw1511server Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. uekw1511server contains a path traversal vulnerability. Information may be obtained. A directory traversal vulnerability exists in uekw1511server.
VAR-201806-0490 | CVE-2017-16169 | looppake Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
looppake is a simple HTTP server. looppake is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. looppake contains a path traversal vulnerability. Information may be obtained. Looppake has a directory traversal vulnerability.
VAR-201806-0495 | CVE-2017-16174 | whispercast Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
whispercast is a file server. whispercast is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. whispercast contains a path traversal vulnerability. Information may be obtained. A directory traversal vulnerability exists in whispercast.
VAR-201806-0497 | CVE-2017-16176 | jansenstuffpleasework Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
jansenstuffpleasework is a file server. jansenstuffpleasework is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. jansenstuffpleasework contains a path traversal vulnerability. Information may be obtained. There is a directory traversal vulnerability in jansenstuffpleasework.
VAR-201806-0465 | CVE-2017-16143 | commentapp.stetsonwood Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
commentapp.stetsonwood is an HTTP server. commentapp.stetsonwood is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. commentapp.stetsonwood contains a path traversal vulnerability. Information may be obtained. A directory traversal vulnerability exists in commentapp.stetsonwood.
VAR-201806-1520 | CVE-2018-3713 | Angular-http-server path traversal vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
The angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read the content of any file with a known path. Angular-http-server is an HTTP server for deploying single-page applications. There is a path traversal vulnerability in angular-http-server. The vulnerability stems from the lack of verification of possibleFilename by the program.
VAR-201806-0491 | CVE-2017-16170 | liuyaserver Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
liuyaserver is a static file server. liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. liuyaserver contains a path traversal vulnerability. Information may be obtained. Liuyaserver has a directory traversal vulnerability.
VAR-201806-0481 | CVE-2017-16160 | 11xiaoli Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
11xiaoli is a simple file server. 11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. 11xiaoli contains a path traversal vulnerability. Information may be obtained. 11xiaoli has a directory traversal vulnerability.
VAR-201806-1523 | CVE-2018-3716 | Simplehttpserver cross-site scripting vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
The simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names. Simplehttpserver is an HTTP file server. An attacker could exploit this vulnerability to inject arbitrary web scripts or HTML.
VAR-201806-0456 | CVE-2017-16134 | http_static_simple Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
http_static_simple is an HTTP server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. http_static_simple contains a path traversal vulnerability. Information may be obtained. A directory traversal vulnerability exists in http_static_simple.
VAR-201806-0501 | CVE-2017-16180 | serverabc Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. serverabc contains a path traversal vulnerability. Information may be obtained. A directory traversal vulnerability exists in serverabc.
VAR-201806-0500 | CVE-2017-16179 | dasafio Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. File access is restricted to only .html files. dasafio contains a path traversal vulnerability. Information may be obtained. There is a directory traversal vulnerability in dasafio.
VAR-201806-0492 | CVE-2017-16171 | hcbserver Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
hcbserver is a static file server. hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. hcbserver contains a path traversal vulnerability. Information may be obtained. Hcbserver has a directory traversal vulnerability.
VAR-201806-1519 | CVE-2018-3712 | Serve path traversal vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
The serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with a known path. The serve node module contains a path traversal vulnerability. Information may be obtained. Serve is a static file server that is primarily used to deploy local single-page applications or static files. A path traversal vulnerability exists in versions prior to serve 6.4.9 because the program fails to adequately filter the %2e (.) and %2f (/) characters in the URL.
VAR-201806-1525 | CVE-2018-3718 | serve node Module data processing vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
The serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. The serve node module contains a data processing vulnerability. Information may be obtained. Serve is an HTTP server for deploying single-page applications. An attacker could exploit the vulnerability to reveal information using a directory listing.
VAR-201807-1814 | CVE-2018-5885 | Snapdragon Mobile and Snapdragon Wear Buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities.
An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks.
These issues are being tracked by Android Bug IDs A-73539080, A-73539065, A-72951191, A-72950815, A-72950554, A-74236854, and A-74235510. Qualcomm Snapdragon Mobile and Snapdragon Wear are both Qualcomm's central processing unit (CPU) products for different platforms. Secure UI is one of the security management interfaces. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code.
VAR-201807-1821 | CVE-2018-5892 | Snapdragon Mobile and Snapdragon Wear Vulnerabilities in environment settings |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities.
An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks.
These issues are being tracked by Android Bug IDs A-73539080, A-73539065, A-72951191, A-72950815, A-72950554, A-74236854, and A-74235510.
VAR-201806-1026 | CVE-2018-0296 | Cisco Adaptive Security Appliance and Firepower Threat Defense Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029. The vendor has confirmed this vulnerability and released it as Bug ID CSCvi16029. A service interruption (DoS) condition may result. ASA Software and Firepower Threat Defense (FTD) Software are operating systems that run on different devices.