465 matches found
Fedora: Security Advisory for php (FEDORA-2020-4573f0e03a)
The remote host is missing an update for the... Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs which generates a large number of processes.
...
CVE-2020-15489
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges...
CVE-2020-15490
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. The set of affected scripts is similar to CVE-2020-12266...
Buffer overflow
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. The set of affected scripts is similar to CVE-2020-12266...
Design/Logic Flaw
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges...
CVE-2020-15490
CVE-2020-15490 affects Wavlink WL-WN530HG4 (M30HG4.V5030.191116) via multiple CGI script buffer overflow vulnerabilities that allow remote code execution with root privileges. The related Red Hat CVE-2020-12266 description confirms externally accessible, unauthenticated pages exposing extensive d...
Privilege Escalation
redhat-ds-admin is vulnerable to privilege escalation. The vulnerability exists because the Red Hat Administration Server did not properly restrict access to CGI scripts. An unauthenticated remote user with access to the TCP port used by the Administration Server could access...
DEBIAN-CVE-2013-3738
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code...
CVE-2013-3738
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code...
Arbitrary file deletion
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code...
Softing uaGate SI, uaGate MB and uaGate 840D Command Injection Vulnerabilities
Softing uaGate SI and others are products of Softing Germany. Softing uaGate SI is a compact industrial gateway. Softing uaGate 840D is an IoT gateway. Softing uaGate MB is a gateway for Modbus TCP controllers. A command injection vulnerability exists in the CGI scripts in the Softing uaGate SI,...
Denial Of Service (DoS)
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a...
[SECURITY] Fedora 30 Update: php-7.3.3-1.fc30
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Authorization Bypass
httpd is vulnerable to authorization bypass. It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for...
Open Redirection
httpd is vulnerable to open redirection. It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoi...