[SECURITY] Fedora 27 Update: mod_perl-2.0.10-9.fc27
Mod_perl incorporates a Perl interpreter into the Apache web server, so that the Apache web server can directly execute Perl code. Mod_perl links the Perl run-time library into the Apache web server and provides an object-oriented Perl interface for Apache's C language API. The end result is a...
pinger.unesp.br Improper Access Control vulnerability
Open Bug Bounty ID: OBB-631745

Description | Value
---|---
Affected Website: | pinger.unesp.br
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | IAC Improper Access Control / CWE-284
CVSSv3 Score: | 6.5...

waad.org.lb XSS vulnerability
Open Bug Bounty ID: OBB-628486

Description | Value
---|---
Affected Website: | waad.org.lb
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

site.sourceoflight.net XSS vulnerability
Open Bug Bounty ID: OBB-599021

Description | Value
---|---
Affected Website: | site.sourceoflight.net
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

JVN#22536871: QQQ SYSTEMS vulnerable to arbitrary command injection
QQQ SYSTEMS provided by Gundam Cult QQQ is a Perl CGI script to create quiz pages. QQQ SYSTEMS contains an OS command injection vulnerability (CWE-78). Impact: An attacker may execute an arbitrary OS command with the web server's execution privilege. Solution: Consider stopping use of QQQ SYSTEMS 2.24 Sinc...
JVN#64990648: QQQ SYSTEMS vulnerable to cross-site scripting
QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quiz.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability (CWE-79). When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on the user's...
JVN#46471407: QQQ SYSTEMS vulnerable to cross-site scripting
QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. QQQ SYSTEMS contains a stored cross-site scripting vulnerability (CWE-79). When an administrative user of the software accesses a malicious page created by an attacker, an arbitrary script may be executed. Impact: Due to...
JVN#96655441: QQQ SYSTEMS vulnerable to cross-site scripting
QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quizop.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability (CWE-79). When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on the user...
mainevisitorsnetwork.com XSS vulnerability
Open Bug Bounty ID: OBB-576632

Description | Value
---|---
Affected Website: | mainevisitorsnetwork.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Conceptronic CIPCAMPTIWL Cross-Site Request Forgery Vulnerability
Conceptronic CIPCAMPTIWL is a wireless network camera product from Conceptronic Germany. A cross-site request forgery vulnerability exists in the hy-cgi/user.cgi file in Conceptronic CIPCAMPTIWL version 3 0.61.30.21. A remote attacker could exploit this vulnerability to change the administrator...
slapper.apam.columbia.edu XSS vulnerability
Open Bug Bounty ID: OBB-528266

Description | Value
---|---
Affected Website: | slapper.apam.columbia.edu
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

VulnCheck KEV: CVE-2012-2336
sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing...
Exploit for Command Injection in Php
It is an exploit module/toolkit targeting web servers. The targe...
CVE-2017-8838
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi...
CMVISION CM-NVST-MP08 Command Injection Vulnerability
The ddnsserver.cgi script on the device's webserver that runs as root is vulnerable to remote command execution by an authenticated user, with the default password being "admin:admin". The address GET parameter is fed to the command line by the CGI script without sanitization for semicolons,...
mail.laboratoire-abc.fr XSS vulnerability
Vulnerable URL:...
Directory traversal
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path...
CVE-2017-7461
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path...
CVE-2017-7462
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory...