Skip to main content

Web Server

8 CVEs product

Monthly

CVE-2022-31805 HIGH This Week

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Development System Edge Gateway Gateway Hmi Sl +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-25323 MEDIUM POC This Month

ZEROF Web Server 2.0 allows /admin.back XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web Server
NVD GitHub
CVSS 3.1
6.1
EPSS
3.2%
CVE-2022-25322 CRITICAL POC Act Now

ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Web Server
NVD GitHub
CVSS 3.1
9.8
EPSS
8.3%
CVE-2021-30175 CRITICAL POC Act Now

ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Web Server
NVD GitHub
CVSS 3.1
9.8
EPSS
8.5%
CVE-2020-7222 MEDIUM POC This Month

An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Web Server
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2017-16934 CRITICAL POC THREAT Emergency

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.4%.

Command Injection Web Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
18.4%
Threat
4.0
CVE-2017-6027 CRITICAL Act Now

An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Web Server
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2017-6025 CRITICAL Act Now

A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Web Server
NVD
CVSS 3.0
9.8
EPSS
0.6%
EPSS 1% CVSS 7.5
HIGH This Week

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Development System Edge Gateway +8
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

ZEROF Web Server 2.0 allows /admin.back XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web Server
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Web Server
NVD GitHub
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Web Server
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Web Server
NVD
EPSS 18% 4.0 CVSS 9.8
CRITICAL POC THREAT Emergency

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.4%.

Command Injection Web Server
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL Act Now

An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Web Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy