52.37.104.59

Regular View Raw Data

Last Seen: 2024-09-14

Tags:

GeneralInformation

Hostnames	ec2-52-37-104-59.us-west-2.compute.amazonaws.com
Domains	amazonaws.com
Cloud Provider	Amazon
Cloud Region	us-west-2
Cloud Service	EC2
Country	United States
City	Boardman
Organization	Amazon Technologies Inc.
ISP	Amazon.com, Inc.
ASN	AS16509
Operating System	Windows

WebTechnologies

JavaScript libraries

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

OpenPorts

-1309899807 | 2024-09-14T01:14:29.966081

80 / tcp

SHININGWAY Electronics

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 45521
Content-Type: text/html; Charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDSAQDSDBA=ICBGFPLBOJAANACNJPAOPGFL; path=/
X-Powered-By: ASP.NET
Date: Sat, 14 Sep 2024 01:06:53 GMT

CVE-2010-3972 CVE-2010-2730 CVE-2020-11023 CVE-2020-11022 CVE-2020-7656 5 moreCVE-2019-11358 CVE-2015-9251 CVE-2012-6708 CVE-2011-4969 CVE-2010-1899

Products

Pricing

Contact Us

support@shodan.io

Shodan ® - All rights reserved

\", which results in the enclosed script logic to be executed.","verified":false},"CVE-2019-11358":{"cvss":4.3,"ports":[80],"summary":"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.","verified":false},"CVE-2015-9251":{"cvss":4.3,"ports":[80],"summary":"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.","verified":false},"CVE-2012-6708":{"cvss":4.3,"ports":[80],"summary":"jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.","verified":false},"CVE-2011-4969":{"cvss":4.3,"ports":[80],"summary":"Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.","verified":false},"CVE-2010-3972":{"cvss":10.0,"ports":[80],"summary":"Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka \"IIS FTP Service Heap Buffer Overrun Vulnerability.\" NOTE: some of these details are obtained from third party information.","verified":false},"CVE-2010-2730":{"cvss":9.3,"ports":[80],"summary":"Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka \"Request Header Buffer Overflow Vulnerability.\"","verified":false},"CVE-2010-1899":{"cvss":4.3,"ports":[80],"summary":"Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka \"IIS Repeated Parameter Request Denial of Service Vulnerability.\"","verified":false}}; setupBannerCve(); setupVulns(VULNS); })();