VYPR

Cockpit

by Agentejo

CVEs (25)

  • CVE-2019-5159 (Mar 10, 2020)
    risk 0.00 | cvss | epss 0.02

    An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers…

  • CVE-2019-3804 (Mar 26, 2019)
    risk 0.00 | cvss | epss 0.05

    It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to…

  • CVE-2018-15540 (Oct 15, 2018)
    risk 0.00 | cvss | epss 0.02

    Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal.

  • CVE-2018-15539 (Oct 15, 2018)
    risk 0.00 | cvss | epss 0.01

    Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.

  • CVE-2018-15538 (Oct 15, 2018)
    risk 0.00 | cvss | epss 0.01

    Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities.
