EulerOS 2.0 SP13 : httpd (EulerOS-SA-2026-1242)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exe...

CVE-2026-29046

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...

openSUSE 16 Security Update : apache2 (openSUSE-SU-2026:20030-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20030-1 advisory. - CVE-2025-55753: Fixed modmd ACME, unintended retry intervals bsc1254511 - CVE-2025-58098: Fixed Server Side Includes adds query string to exec...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2025-1318)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1318 advisory. Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd=... directives. CVE-2025-58098 Improper...

EUVD-2025-201404

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

EUVD-2016-5849

Malware in sbrugna...

shellshocker-pocs

This repository contains a collection of Proof of Concepts PoCs and potential targets for the Shellshock vulnerability, also known as Bash Bug. The vulnerability affects the Bash shell and allows an attacker to execute arbitrary code by injecting malicious environment variables. The repository...

Session fixation

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed...

CVE-2016-4869

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed...

CVE-2016-4869

CVE-2016-4869 (Cybozu Office) : Cybozu Office versions 9.0.0–10.4.0 contain an information disclosure vulnerability where a page displaying CGI environment variables can leak session information. An unauthenticated remote attacker may obtain a user’s session data via that page. The issue’s impact...

JVN#09736331: Cybozu Office vulnerable to information disclosure

Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the page...

JVN#03052683: Cybozu Mailwise vulnerable to information disclosure

Cybozu Mailwise contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the pa...

DNS Reverse Lookup Shellshock

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Advisory DNS Reverse Lookup as a vector for the Bash vulnerability CVE-2014-6271 et.al. CVE-2014-3671 references: CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278 CVE-2014-7186 and, CVE-2014-7187 Summary: Above CVEs detail a number ...

Musicqueue multiple local vulnerabilities

======================================== INetCop Security Advisory 2003-0x82-020 ======================================== Title: Musicqueue multiple local vulnerabilities 0x01. Description Musicqueue is a CGI music jukebox using external tools to play the files. Because of that it supports severa...