web port vulnerabilities and exploits

(subscribe to this query)

An issue exists in KaiOS 3.0 prior to 3.1. The /system/bin/tctweb_server binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted...

Kaiostech Kaios 3.0 Kaiostech Kaios 3.1

A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE ...

Webkitgtk Webkit2gtk3 2.38.5-1.el9 Webkitgtk Webkit2gtk3 2.38.5-1.el8 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0 Redhat Enterprise Linux Server Tus 8.8 Redhat Enterprise Linux Server Aus 8.8 Redhat Enterprise Linux Eus 8.8 Redhat Enterprise Linux Server Aus 9.2 Redhat Enterprise Linux Eus 9.2

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy.

Apple Iphone Os Apple Ipados Apple Tvos Apple Watchos Apple Macos Apple Safari Debian Debian Linux 10.0

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.

Apple Macos Apple Tvos Apple Watchos Apple Iphone Os Apple Ipad Os Apple Safari Debian Debian Linux 10.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution

Apple Iphone Os Apple Ipados Apple Safari Apple Macos

A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote malicious user to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upg...

Cisco Spa112 Firmware 1.4.1

1 Article

This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote malicious user to login as superuser by using default username/password via web-based management interface and/or ...

Gajshield Data Security Firewall Firmware

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's ...

Git For Windows Project Git For Windows Fedoraproject Fedora 37 Fedoraproject Fedora 38

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation”...

Siemens Cp-8031 Firmware Siemens Cp-8050 Firmware

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is ...

Apple Safari Apple Macos Apple Ipados Apple Iphone Os

2 Articles

« PREV 1 2 3 4 5 6 7 8 9 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook