GeneralInformation

Hostnames	fellow.pl fll.pl euler.fll.pl
Domains	fellow.pl fll.pl
Country	Germany
City	Falkenstein
Organization	Hetzner Online GmbH
ISP	Hetzner Online GmbH
ASN	AS24940

WebTechnologies

JavaScript libraries

jQuery1.10.2

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2024(2)

CVE-2024-10525

9.8In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.

CVE-2024-8376

7.5In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.

2023(4)

CVE-2023-28366

7.5The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.

CVE-2023-5632

7.5In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6

CVE-2023-3592

5.8In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.

CVE-2023-0809

5.8In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.

2021(1)

CVE-2021-34432

7.5In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.

2020(2)

CVE-2020-11023

6.9In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVE-2020-11022

6.9In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

2019(1)

CVE-2019-11358

6.1jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

2018(3)

CVE-2018-12551

8.1When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.

CVE-2018-12550

8.1When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.

CVE-2018-12546

6.5In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed.

2017(7)

CVE-2017-9868

5.5In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.

CVE-2017-7655

7.5In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.

CVE-2017-7654

7.5In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.

CVE-2017-7653

5.3The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.

CVE-2017-7652

7.5In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail.

CVE-2017-7651

7.5In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.

CVE-2017-7650

6.5In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto.

2015(1)

CVE-2015-9251

6.1jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

OpenPorts

80 81 443 1883

80 / tcp

-1427803479 | 2025-03-20T20:34:00.992197

Hashes

hash

1146895677

http.dom_hash

1239617585

http.html_hash

-1427803479

http.server_hash

-1340961475

http.title_hash

1522695184

301 Moved Permanently

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 20 Mar 2025 20:34:00 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=20
Location: https://168.119.212.208/

81 / tcp

-1872554614 | 2025-03-11T16:42:27.788140

Hashes

hash

-65744217

http.dom_hash

123909550

http.favicon.hash

-306283285

http.html_hash

-1872554614

http.server_hash

-1340961475

Najwięcej nowych znajomości... • fellow.pl • Randki dla gejów!

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 11 Mar 2025 16:42:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=7f401128ac524c151493697b79688e81; path=/
X-FRAME-OPTIONS: DENY

Vulnerabilities

443 / tcp

-1370418494 | 2025-03-20T22:41:36.934236

Hashes

hash

1151236866

http.dom_hash

-966057566

http.favicon.hash

-1317585491

http.html_hash

-1370418494

http.server_hash

-1340961475

Najwięcej nowych znajomości... • fellow.pl • Randki dla gejów!

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 20 Mar 2025 22:41:36 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
X-FRAME-OPTIONS: DENY
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=5629928f8dd5bd3b490f164596aa42fe; path=/

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:5a:5a:2b:b7:a4:60:f5:51:f6:e0:14:4f:07:0d:0a:8d:e8
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R10
        Validity
            Not Before: Feb 21 23:17:03 2025 GMT
            Not After : May 22 23:17:02 2025 GMT
        Subject: CN=fellow.pl
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:de:d8:d0:6f:c8:75:2a:53:39:c0:72:f3:bc:81:
                    e9:93:25:e3:56:0b:cb:da:3e:9c:dd:2a:df:28:08:
                    66:3a:13:a4:49:fb:f8:36:53:ee:2c:ec:f8:6a:f4:
                    5f:87:cb:4b:dc:99:af:6d:ce:b0:74:b0:fc:7e:c9:
                    83:69:5f:00:b2:70:93:47:d9:28:9b:fe:1d:9c:51:
                    2c:d3:11:da:ac:6d:7e:20:66:52:60:ff:69:2a:36:
                    5a:65:83:81:ec:6f:2f:cd:c5:dc:c0:1d:5e:04:94:
                    e6:5b:88:b5:be:09:4a:c6:44:20:09:71:f2:2e:0f:
                    17:86:47:47:14:15:86:6c:c6:73:64:84:02:6c:b9:
                    cf:da:16:e3:1c:31:ed:f9:0b:34:ad:65:a1:03:e2:
                    38:83:38:8c:7d:ed:c7:69:ad:27:76:e1:7d:c7:02:
                    a4:b7:78:36:b4:0b:0b:a4:b2:24:f8:c4:53:32:f9:
                    80:04:69:73:5e:8f:8c:cf:f8:f5:95:d2:eb:e8:a9:
                    6d:92:0f:bb:19:44:0f:e3:51:a4:cd:c9:57:b1:ca:
                    92:32:17:80:c0:38:a5:29:77:45:d2:0d:9b:4d:ea:
                    81:dd:cc:36:00:4c:fa:23:ee:34:fc:2d:d0:46:66:
                    35:dd:2a:9e:f3:9e:0f:49:3b:b4:34:7a:6f:af:31:
                    5a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                8F:C4:22:4A:E7:15:AB:E5:80:E6:EA:2C:EB:0D:5F:00:62:E0:56:20
            X509v3 Authority Key Identifier: 
                BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8
            Authority Information Access: 
                OCSP - URI:http://r10.o.lencr.org
                CA Issuers - URI:http://r10.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:*.fellow.pl, DNS:*.fll.pl, DNS:fellow.pl, DNS:fll.pl
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
                                D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
                    Timestamp : Feb 22 00:15:33.580 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:C5:F2:65:67:81:0B:7B:11:51:73:E9:
                                08:59:5B:64:84:25:F6:8C:41:B8:89:2C:C5:C3:4E:11:
                                36:5B:0C:0B:12:02:21:00:BB:60:F4:B2:EF:05:40:CD:
                                D1:9C:3A:1F:71:1B:BE:3E:B4:14:E9:49:74:38:FB:42:
                                04:59:62:52:C7:14:5C:39
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
                                D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
                    Timestamp : Feb 22 00:15:33.578 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:D4:65:43:27:93:40:14:CA:1B:94:56:
                                64:FE:2C:38:D5:A6:FE:53:FA:ED:ED:A7:D3:68:50:1B:
                                6C:BD:41:86:4B:02:20:4B:87:BC:56:06:99:64:4E:70:
                                5B:97:82:E3:0D:13:2E:86:B4:42:30:F6:73:47:D8:4D:
                                91:AD:35:27:0F:0B:6A
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        02:4d:e6:06:85:c0:bf:a7:56:ab:ae:b6:9e:8d:da:34:67:78:
        65:c8:c5:63:4a:d7:0f:92:e9:4c:89:45:25:c4:11:9e:a2:ec:
        35:0c:c9:91:56:c6:89:e9:6c:16:b8:d3:22:37:d4:19:da:1d:
        02:cf:30:30:ec:77:79:08:b0:2d:d5:d5:a8:6a:fc:84:10:81:
        0b:6a:cd:4c:22:1b:6d:20:8b:b8:b4:d9:b5:3e:b3:d6:00:cc:
        cd:0d:51:10:87:36:0c:e9:c9:b3:bd:10:50:0e:ed:1a:ac:44:
        11:75:ab:6a:0c:f7:1a:c3:62:a3:c1:61:ca:d1:4b:71:e4:17:
        21:58:b5:4d:a8:5e:f9:7e:56:1f:bf:ab:2d:78:fa:3a:74:bb:
        c4:a8:37:88:8d:73:1d:3f:da:6d:20:70:96:21:f1:16:d6:f0:
        16:53:f1:e2:0c:8f:87:3e:d8:fe:f6:90:5b:db:cb:2e:d5:64:
        3a:82:6a:fc:3d:a6:3e:6b:dc:75:28:35:27:b1:b0:df:4d:56:
        2f:33:10:b6:66:58:f6:89:04:0b:8f:8f:2d:8d:fb:e1:37:03:
        57:28:81:ca:d8:da:ff:64:e5:07:87:8a:ef:b7:45:9e:b2:c9:
        25:eb:2d:c0:77:21:69:93:e1:32:c6:6f:f5:51:07:c3:03:00:
        b8:d6:9d:39

1883 / tcp

-1602614787 | 2025-03-12T17:43:16.673207

MQTT Connection Code: 0

Topics:
$SYS/broker/version
$SYS/broker/timestamp
$SYS/broker/uptime
$SYS/broker/clients/total
$SYS/broker/clients/inactive
$SYS/broker/clients/disconnected
$SYS/broker/clients/active
$SYS/broker/clients/connected
$SYS/broker/clients/expired
$SYS/broker/clients/maximum
$SYS/broker/messages/stored
$SYS/broker/messages/received
$SYS/broker/messages/sent
$SYS/broker/subscriptions/count
$SYS/broker/retained messages/count
$SYS/broker/heap/current
$SYS/broker/heap/maximum
$SYS/broker/publish/messages/dropped
$SYS/broker/publish/messages/received
$SYS/broker/publish/messages/sent
$SYS/broker/publish/bytes/received
$SYS/broker/publish/bytes/sent
$SYS/broker/bytes/received
$SYS/broker/bytes/sent
$SYS/broker/load/messages/received/1min
$SYS/broker/load/messages/received/5min
$SYS/broker/load/messages/received/15min
$SYS/broker/load/messages/sent/1min
$SYS/broker/load/messages/sent/5min
$SYS/broker/load/messages/sent/15min
$SYS/broker/load/publish/received/1min
$SYS/broker/load/publish/received/5min
$SYS/broker/load/publish/received/15min
$SYS/broker/load/publish/sent/1min
$SYS/broker/load/publish/sent/5min
$SYS/broker/load/publish/sent/15min
$SYS/broker/load/bytes/received/1min
$SYS/broker/load/bytes/received/5min
$SYS/broker/load/bytes/received/15min
$SYS/broker/load/bytes/sent/1min
$SYS/broker/load/bytes/sent/5min
$SYS/broker/load/bytes/sent/15min
$SYS/broker/load/sockets/1min
$SYS/broker/load/sockets/5min
$SYS/broker/load/sockets/15min
$SYS/broker/load/connections/1min
$SYS/broker/load/connections/5min
$SYS/broker/load/connections/15min
QOzUTO0ETM9c
xMTO2kjN8a39
$SYS/broker/uptime
$SYS/broker/clients/total
$SYS/broker/clients/maximum
$SYS/broker/clients/inactive
$SYS/broker/clients/disconnected
$SYS/broker/clients/active
$SYS/broker/clients/connected
$SYS/broker/load/messages/received/1min
$SYS/broker/load/messages/sent/1min
$SYS/broker/load/publish/received/1min
$SYS/broker/load/publish/sent/1min
$SYS/broker/load/bytes/received/1min
$SYS/broker/load/bytes/sent/1min
$SYS/broker/load/sockets/1min
$SYS/broker/load/connections/1min
$SYS/broker/load/messages/received/5min
$SYS/broker/load/messages/sent/5min
$SYS/broker/load/publish/received/5min
$SYS/broker/load/publish/sent/5min
$SYS/broker/load/bytes/received/5min
$SYS/broker/load/bytes/sent/5min
$SYS/broker/load/sockets/5min
$SYS/broker/load/connections/5min
$SYS/broker/load/messages/received/15min
$SYS/broker/load/messages/sent/15min
$SYS/broker/load/publish/received/15min
$SYS/broker/load/publish/sent/15min
$SYS/broker/load/bytes/received/15min
$SYS/broker/load/bytes/sent/15min
$SYS/broker/load/sockets/15min
$SYS/broker/load/connections/15min
$SYS/broker/subscriptions/count
$SYS/broker/heap/current
$SYS/broker/messages/received
$SYS/broker/messages/sent
$SYS/broker/publish/messages/received
$SYS/broker/publish/messages/sent
$SYS/broker/bytes/received
$SYS/broker/bytes/sent
$SYS/broker/publish/bytes/received
$SYS/broker/publish/bytes/sent
gN5MTMzATM09
5IDM5ATO1b51
14iNzYTO0ETM
yQTNwMDO2150
14SOwYDMwATM
UjLzgDNxkzN1
AO5ADM1ETM0d
AMwMTNxETM90
UjL2YTM5QTMe
UjLwUTM2MzNf
QNuIDOxQjN39
3kzMzIzN237c
14CN5AzN0ETM
UjLykDN4czN4
14iN4czNwETM
QO2QDNyATM40
UjLxMTM0EzNe
14SOwYDMwATM
14iM5QDM0ETM
UjL4EDN3kzN3
2YTNwgDOfaa7
UjL1YzNxgzM9
UjL4cDNyETO7
yQTN2QzN1e22
ANxQDO0ETM2e
14yNxADM0ATM

Vulnerabilities

1 10 6

168.119.212.208

Last Seen: 2025-03-20

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

80 / tcp

-1427803479 | 2025-03-20T20:34:00.992197

Hashes

nginx

81 / tcp

-1872554614 | 2025-03-11T16:42:27.788140

Hashes

nginx

443 / tcp

-1370418494 | 2025-03-20T22:41:36.934236

Hashes

nginx

1883 / tcp

-1602614787 | 2025-03-12T17:43:16.673207

Mosquitto1.4.10

Products

Pricing

Contact Us

168.119.212.208

Last Seen: 2025-03-20

GeneralInformation

WebTechnologies

Vulnerabilities All ports Port 81 Port 1883 Latest CVSS

OpenPorts

80 / tcp -1427803479 | 2025-03-20T20:34:00.992197

Hashes

nginx

81 / tcp -1872554614 | 2025-03-11T16:42:27.788140

Hashes

nginx

443 / tcp -1370418494 | 2025-03-20T22:41:36.934236

Hashes

nginx

1883 / tcp -1602614787 | 2025-03-12T17:43:16.673207

Mosquitto1.4.10

Products

Pricing

Contact Us

Vulnerabilities

80 / tcp

-1427803479 | 2025-03-20T20:34:00.992197

81 / tcp

-1872554614 | 2025-03-11T16:42:27.788140

443 / tcp

-1370418494 | 2025-03-20T22:41:36.934236

1883 / tcp

-1602614787 | 2025-03-12T17:43:16.673207