Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yaws yaws vulnerabilities and exploits
(subscribe to this query)
505
VMScore
CVE-2009-4494
AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a term...
Aol Aolserver 4.5.1
1 EDB exploit
505
VMScore
CVE-2009-4495
Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal e...
Yaws Yaws 1.85
1 EDB exploit
505
VMScore
CVE-2009-4490
mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a term...
Acme Mini Httpd 1.19
1 EDB exploit
505
VMScore
CVE-2009-4493
Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequ...
Orion Orion Application Server 2.0.7
1 EDB exploit
505
VMScore
CVE-2009-4496
Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a term...
Boa Boa 0.94.14rc21
1 EDB exploit
1 Github repository
505
VMScore
CVE-2009-0751
Yaws prior to 1.80 allows remote malicious users to cause a denial of service (memory consumption and crash) via a request with a large number of headers.
Yaws Yaws 1.55
Yaws Yaws 1.56
Yaws Yaws 1.65
Yaws Yaws 1.66
Yaws Yaws 1.74
Yaws Yaws 1.75
Yaws Yaws 1.57
Yaws Yaws 1.58
Yaws Yaws 1.67
Yaws Yaws 1.68
Yaws Yaws 1.76
Yaws Yaws 1.77
Yaws Yaws 1.53
Yaws Yaws 1.54
Yaws Yaws 1.63
Yaws Yaws 1.64
Yaws Yaws 1.72
Yaws Yaws 1.73
Yaws Yaws 1.50
Yaws Yaws 1.51
Yaws Yaws 1.52
Yaws Yaws 1.61
1 EDB exploit
445
VMScore
CVE-2005-2008
Yaws Webserver 1.55 and previous versions allows remote malicious users to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null).
Yaws Webserver 1.52
Yaws Webserver 1.53
Yaws Webserver 1.50
Yaws Webserver 1.51
Yaws Webserver 1.54
Yaws Webserver 1.55
445
VMScore
CVE-2003-0083
Apache 1.3 prior to 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for malicious users to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences,...
Apache Http Server
445
VMScore
CVE-2003-0020
Apache does not filter terminal escape sequences from its error logs, which could make it easier for malicious users to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
Apache Http Server
440
VMScore
CVE-2011-4350
Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.
Yaws Yaws 1.91
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »