VARIoT IoT vulnerabilities database

VAR-201806-0465 CVE-2017-16143 commentapp.stetsonwood Path traversal vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
commentapp.stetsonwood is an HTTP server. commentapp.stetsonwood is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. commentapp.stetsonwood contains a path traversal vulnerability. Information may be obtained. A directory traversal vulnerability exists in commentapp.stetsonwood.
VAR-201806-1520 CVE-2018-3713 Angular-http-server path traversal vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. Angular-http-server is an HTTP server for deploying single-page applications. There is a path traversal vulnerability in angular-http-server. The vulnerability stems from the lack of verification of possibleFilename by the program
VAR-201806-0491 CVE-2017-16170 liuyaserver Path traversal vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
liuyaserver is a static file server. liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. liuyaserver contains a path traversal vulnerability. Information may be obtained. liuyaserver has a directory traversal vulnerability.
VAR-201806-0481 CVE-2017-16160 11xiaoli Path traversal vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
11xiaoli is a simple file server. 11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. 11xiaoli contains a path traversal vulnerability. Information may be obtained. 11xiaoli has a directory traversal vulnerability.
VAR-201806-1523 CVE-2018-3716 Simplehttpserver cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
The simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names. Simplehttpserver is an HTTP file server. An attacker could exploit this vulnerability to inject arbitrary web scripts or HTML.
VAR-201806-0456 CVE-2017-16134 http_static_simple Path traversal vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
http_static_simple is an HTTP server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. http_static_simple contains a path traversal vulnerability. Information may be obtained. A directory traversal vulnerability exists in http_static_simple.
VAR-201806-0501 CVE-2017-16180 serverabc Path traversal vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. serverabc contains a path traversal vulnerability. Information may be obtained. A directory traversal vulnerability exists in serverabc.
VAR-201806-0500 CVE-2017-16179 dasafio Path traversal vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. File access is restricted to only .html files. dasafio contains a path traversal vulnerability. Information may be obtained. There is a directory traversal vulnerability in dasafio.
VAR-201806-0492 CVE-2017-16171 hcbserver Path traversal vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
hcbserver is a static file server. hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. hcbserver contains a path traversal vulnerability. Information may be obtained. hcbserver has a directory traversal vulnerability.
VAR-201806-1519 CVE-2018-3712 Serve path traversal vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
The serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path. The serve node module contains a path traversal vulnerability. Information may be obtained. Serve is a static file server that is primarily used to deploy local single-page applications or static files. A path traversal vulnerability exists in versions prior to serve 6.4.9 because the program fails to adequately filter the %2e (.) and %2f (/) characters in the URL.
VAR-201806-1525 CVE-2018-3718 serve node Module data processing vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
The serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. The serve node module contains a data processing vulnerability. Information may be obtained. Serve is an HTTP server for deploying single-page applications. An attacker could exploit the vulnerability to reveal information using a directory listing.
VAR-201807-1814 CVE-2018-5885 Snapdragon Mobile and Snapdragon Wear Buffer error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-73539080, A-73539065, A-72951191, A-72950815, A-72950554, A-74236854, and A-74235510. Qualcomm Snapdragon Mobile and Snapdragon Wear are both Qualcomm's central processing unit (CPU) products for different platforms. Secure UI is one of the security management interfaces. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code
VAR-201807-1821 CVE-2018-5892 Snapdragon Mobile and Snapdragon Wear Vulnerabilities in environment settings CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-73539080, A-73539065, A-72951191, A-72950815, A-72950554, A-74236854, and A-74235510
VAR-201806-1026 CVE-2018-0296 Cisco Adaptive Security Appliance and Firepower Threat Defense Input validation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029. The vendor has confirmed this vulnerability and released it as Bug ID CSCvi16029. Service operation may be interrupted (DoS). ASA Software and Firepower Threat Defense (FTD) Software are operating systems that run on different devices.
VAR-201806-0487 CVE-2017-16166 byucslabsix Path traversal vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
byucslabsix is an HTTP server. byucslabsix is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. byucslabsix contains a path traversal vulnerability. Information may be obtained. There is a directory traversal vulnerability in byucslabsix.
VAR-201905-0692 CVE-2017-18157 Use of freed memory vulnerability in multiple Snapdragon products CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A Use After Free condition can occur in Thermal Engine in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20. Multiple Snapdragon products contain a vulnerability related to the use of freed memory. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-73539080, A-73539065, A-72951191, A-72950815, A-72950554, A-74236854, and A-74235510. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm. A resource management error vulnerability exists in the Thermal Engine in several Qualcomm products. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.
VAR-201905-0697 CVE-2017-18156 Use of freed memory vulnerability in multiple Snapdragon products CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20. Multiple Snapdragon products contain a vulnerability related to the use of freed memory. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-73539080, A-73539065, A-72951191, A-72950815, A-72950554, A-74236854, and A-74235510. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm. A resource management error vulnerability exists in the Connected Camera in several Qualcomm products. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions (for automotive, mobile, and wearables) are affected: Qualcomm MDM9206; MDM9607; MDM9650; MSM8996AU; SD 210; SD 212; SD 205; SD 625; SD 820; SD 820A;
VAR-201807-1845 CVE-2018-5884 Snapdragon Mobile and Snapdragon Wear Access control vulnerability CVSS V2: 4.6
CVSS V3: 8.4
Severity: HIGH
Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-73539080, A-73539065, A-72951191, A-72950815, A-72950554, A-74236854, and A-74235510. Qualcomm Snapdragon Mobile and Snapdragon Wear are both Qualcomm's central processing unit (CPU) products for different platforms. Multimedia is one of the multimedia components
VAR-201807-1820 CVE-2018-5891 Snapdragon Mobile and Snapdragon Wear Vulnerabilities in use of freed memory CVSS V2: 4.6
CVSS V3: 8.4
Severity: HIGH
While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated, which can lead to a Use After Free condition in Snapdragon Mobile and Snapdragon Wear. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-73539080, A-73539065, A-72951191, A-72950815, A-72950554, A-74236854, and A-74235510. Qualcomm MSM8996AU is a central processing unit (CPU) product of Qualcomm. A resource management error vulnerability exists in Data Network Stack & Connectivity in several Qualcomm products. A local attacker could exploit this vulnerability with a specially crafted file to cause a system crash (denial of service). The following products and versions are affected: Qualcomm MSM8909W; MSM8996AU; SD 210; SD 212; SD 205; SD 450; SD 615/16; SD 415; SD 625; SD 650/52;
VAR-201806-1521 CVE-2018-3714 Node-srv path traversal vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
The node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. The node-srv node module contains a path traversal vulnerability. Information may be obtained. Node-srv is a static Node.js server that supports Heroku and Grunt.js.