CVE-2014-3110
published 2014-07-24
CVE-2014-3110: Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller…
Priority P4 · 26 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 5.34% (91.6th percentile)
Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| honeywell | falcon_xlweb_linux_controller | <= 2.04.01 | — |
| honeywell | falcon_xlweb_xlwebexe | <= 2.02.11 | — |
GHSA
GHSA-x6f9-98hm-rf7f: Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2
ghsa_unreviewed·2022-05-14
CVE-2014-3110 [MEDIUM] CWE-79 GHSA-x6f9-98hm-rf7f: Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2
CISA ICS
Honeywell FALCON XLWeb Controllers Vulnerabilities
cisa_ics·2018-09-06
ICS Advisory
Last Revised: September 06, 2018
Alert Code: ICSA-14-175-01
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on June 24, 2014, and is being released to the NCCIC/ICS-CERT web site.
Martin Jartelius of Outpost24 has identified an authentication bypass vulnerability in Honeywell FALCON XLWeb controllers. Juan Francisco Bolivar has identified cross-site scripting vulnerabilities in Honeywell FALCON XLWeb controllers. Honeywell has produced an update that mitigates both vulnerabilities. Mr. Jartelius
No detection rules found.
Exploit-DB
Honeywell XL Web Controller - Cross-Site Scripting
exploitdb·2018-05-24·CVSS 4.3
CVE-2014-3110 [MEDIUM] Honeywell XL Web Controller - Cross-Site Scripting
---
# Exploit Title: Honeywell XL Web Controller - Cross-Site Scripting
# Date: 2018-05-24
# Exploit Author: t4rkd3vilz
# Vendor Homepage: https://www.honeywell.com
# Version: WebVersion : XL1000C50 EXCEL WEB 52 I/O, XL1000C100 EXCEL WEB
# 104 I/O, XL1000C500 EXCEL WEB 300 I/O, XL1000C1000 EXCEL WEB 600 I/O,
# XL1000C50U EXCEL WEB 52 I/O UUKL, XL1000C100U EXCEL WEB 104 I/O UUKL,
# XL1000C500U EXCEL WEB 300 I/O UUKL, and XL1000C1000U EXCEL WEB 600 I/O UUKL.
# Tested on: Linux
# CVE: CVE-2014-3110
# PoC
POST /standard/mainframe.php HTTP/1.1
Cache-Control: no-cache
Referer: http://79.2.122.25/standard/mainframe.php
Accept: text/xml,application/xml,application/xhtml+xml,text/
html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozi
Exploit-DB
Photoshop CC2014 / Bridge CC 2014 - '.gif' Parsing Memory Corruption
exploitdb·2015-06-23
CVE-2015-3110 Photoshop CC2014 / Bridge CC 2014 - '.gif' Parsing Memory Corruption
---
#####################################################################################
Application: Adobe Photoshop CC 2014 & Bridge CC 2014
Platforms: Windows
Versions: The vulnerability is confirmed in version Photoshop CC 2014 and Bridge CC 2014.
Secunia:
{PRL}: 2015-07
Author: Francis Provencher (Protek Research Lab’s)
Website: http://www.protekresearchlab.com/
Twitter: @ProtekResearch
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
1) Introduction
Adobe Photoshop is a raster graphics editor developed and published b
No writeups or analysis indexed.
Published: 2014-07-24