4 matches found
AZL-71590 CVE-2025-66200 affecting package httpd for versions less than 2.4.66-1
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
VulnCheck KEV: CVE-2024-10915
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument group leads to os command injection. T...
Exploit for Improper Neutralization in Dlink Dns-320_Firmware
CVE-2024-10914 - D-Link Remote Code Execution RCE This repo...
The vulnerability of the cgi_user_add function in the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add of D-Link routers such as DNS-320, DNS-320LW, DNS-325, and DNS-340L allows a hacker to execute arbitrary code.
The vulnerability of the cgiuseradd function in the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd of D-Link routers such as DNS-320, DNS-320LW, DNS-325, and DNS-340L lies in the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute...