Lucene search

112 matches found

OSV
added 2026/05/11 9:45 p.m., 4 views

CLSA-2026-1778535928 python: Fix of 2 CVEs

- CVE-2021-3733: fix ReDoS in urllib2 AbstractBasicAuthHandler regex; the legacy '(?:.*,)*' prefix is replaced with the upstream-3.x form '(?:^|,)' and the scheme charset excludes ',' to prevent quadratic backtracking on crafted WWW-Authenticate headers
- CVE-2021-23336: stop accepting ';' as a default...

6.5 CVSS | 5.8 AI score | 0.00629 EPSS
Exploits: 2 | References: 1

Tenable Nessus
added 2026/01/19 12:0 a.m., 5 views

MiracleLinux 4 : perl-5.10.1-130.AXS4 (AXSA:2013-320:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-320:01 advisory. Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is...

7.5 CVSS | 8.2 AI score | 0.81971 EPSS
Exploits: 14 | References: 5

Tenable Nessus
added 2026/01/14 12:0 a.m., 4 views

MiracleLinux 4 : perl-5.10.1-119.AXS4 (AXSA:2011-570:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-570:01 advisory. Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is...

5 CVSS | 8.1 AI score | 0.04202 EPSS
Exploits: 1 | References: 4

RedHat Linux
added 2025/12/22 11:27 p.m., 0 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes (SSI) are enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives, an attacker may be able to inject commands executed by the server...

8.3 CVSS | 5.7 AI score | 0.00018 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2002-0246

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.02831 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2003-0093

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.00474 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2004-0981

Malware in sbrugna...

5 CVSS | 7.3 AI score | 0.01117 EPSS
Exploits: 0 | References: 11

Exploit DB
added 2025/06/15 12:0 a.m., 312 views

PHP CGI Module 8.3.4 - Remote Code Execution (RCE)

#!/usr/bin/env python3; Exploit Title: PHP CGI Module 8.3.4 - Remote Code Execution (RCE); Date: 2025-06-13; Exploit Author: @ibrahimsql; Exploit Author's GitHub: https://github.com/yigitsql (old account banned); Vendor Homepage: https://www.php.net/; Software Link: https://www.php.net/downloads; Version: PH...

9.8 CVSS | 9.6 AI score | 0.94393 EPSS
Exploits: 64

RedhatCVE
added 2025/05/22 5:25 a.m., 3 views

CVE-2012-3513

munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command...

9.3 CVSS | 7 AI score | 0.00792 EPSS
Exploits: 1 | References: 1

Packet Storm
added 2025/02/21 12:0 a.m., 393 views

Python 3.12 Documentation Cross Site Scripting

The official Python 3.12 documentation provides a code example that results in implementing insecure code susceptible to cross site scripting. Python's official documentation contains textbook example of insecure code XSS Date: 2025-02-18 Author: Georgi Guninski From the official Python 3.12...

6.8 AI score
Exploits: 0

OSV
added 2025/01/14 7:19 p.m., 26 views

BIT-PHP-MIN-2024-4577 Argument Injection in PHP-CGI

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8 CVSS | 9.4 AI score | 0.94393 EPSS
Exploits: 64 | References: 24

SUSE CVE
added 2023/02/15 5:55 a.m., 1 views

SUSE CVE-2010-4410

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...

4.3 CVSS | 7.6 AI score | 0.00845 EPSS
Exploits: 0 | References: 9

GithubExploit
added 2022/12/05 9:11 p.m., 402 views

Exploit for Path Traversal in Apache Http_Server

Exploit for Apache2 Exploit for path traversal vulnerabilit...

7.5 CVSS | 8.6 AI score | 0.94391 EPSS
Exploits: 144

GithubExploit
added 2022/09/15 9:36 a.m., 359 views

Exploit for Path Traversal in Apache Http_Server

This is a PoC exploit for CVE-2021-41773 and CVE-2021-42013, whi...

9.8 CVSS | 10 AI score | 0.9441 EPSS
Exploits: 168

GithubExploit
added 2022/09/15 9:8 a.m., 337 views

Exploit for Path Traversal in Apache Http_Server

This is a PoC exploit for CVE-2021-41773, a remote code executio...

7.5 CVSS | 9.6 AI score | 0.94391 EPSS
Exploits: 144

Gitee
added 2021/10/11 11:56 a.m., 3 views

Exploit for Path Traversal in Apache Http_Server

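Reproduction of CVE-2021-41773 https://www.tenable.com/blog/cve-2021-41773-path-traversal-zero-day-in-apache-http-server-exploited A vulnerability unique to Apache v2.4.49: earlier versions did not have the ap_normalize_path function; it was introduced in v2.4.49, and it is this function that causes the directory traversal. It was fixed in v2.4.50. Environment: https://github.com/1nhann/CVE-2021-41773 In this environment, the cgi module is loaded: ini LoadModule...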

7.5 CVSS | 9.1 AI score | 0.94391 EPSS
Exploits: 144

CNVD
added 2020/04/21 12:0 a.m., 2 views

D-Link DSL-2640B B2 Authorization Issue Missing

The D-Link DSL-2640B B2 is a wireless router from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DSL-2640B B2 EU4.01B version. An attacker can exploit this vulnerability by accessing the cgi module to bypass authentication and perform administrative operations e.g.,...

9.8 CVSS | 7.1 AI score | 0.00661 EPSS
Exploits: 1 | References: 1

Veracode
added 2019/05/02 4:54 a.m., 26 views

Privilege Escalation

Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to...

7.5 CVSS | 9.8 AI score | 0.81971 EPSS
Exploits: 14 | References: 19 | Affected Software: 1

Veracode
added 2019/05/02 4:54 a.m., 34 views

Memory Corruption

Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to...

7.5 CVSS | 9.8 AI score | 0.81971 EPSS
Exploits: 14 | References: 24 | Affected Software: 1

Packet Storm
added 2018/01/24 12:0 a.m., 100 views

GoAhead Web Server LD_PRELOAD Arbitrary Module Load

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GoAhead Web Server LD_PRELOAD Arbitrary Module Load', 'Description' = %q This module triggers an arbitrary shared library load vulnerability in...

6.8 CVSS | 8.1 AI score | 0.94266 EPSS
Exploits: 15