Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yaws yaws vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
Yaws Yaws
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
755
VMScore
CVE-2009-4492
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, ...
Ruby-lang Webrick 1.3.1
1 EDB exploit
685
VMScore
CVE-2009-4487
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a termina...
F5 Nginx 0.7.64
1 EDB exploit
605
VMScore
CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
Yaws Yaws
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
516
VMScore
CVE-2016-1000108
yaws prior to 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote malicious users to redirect a CG...
Yaws Yaws
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
505
VMScore
CVE-2017-10974
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlie...
Yaws Yaws 1.91
1 EDB exploit
505
VMScore
CVE-2010-4181
Directory traversal vulnerability in Yaws 1.89 allows remote malicious users to read arbitrary files via ..\ (dot dot backslash) and other sequences.
Yaws Yaws 1.89
1 EDB exploit
505
VMScore
CVE-2009-4489
header.c in Cherokee prior to 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an esca...
Cherokee-project Cherokee
1 EDB exploit
505
VMScore
CVE-2009-4488
Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a termin...
Varnish.projects.linpro Varnish 2.0.6
1 EDB exploit
1 Github repository
505
VMScore
CVE-2009-4490
mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a term...
Acme Mini Httpd 1.19
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »