PT-2026-50161

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.4 Description An issue exists where forward auth copy headers deletes client-supplied identity headers before copying trusted values from an authentication gateway. However, when requests are processed via php...

EUVD-2026-9972

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

Improper Neutralization

Apache HTTP Server is vulnerable to Improper Neutralization. The vulnerability is due to environment variables set via Apache configuration improperly overriding server-calculated CGI variables, which allows an attacker to influence CGI execution by injecting or manipulating control sequences...

Astra Linux – Vulnerability in Apache2

Improper neutralization of vulnerabilities related to escape, meta, or control sequences in the Apache HTTP Server, caused by unexpected overrides of variables calculated by the server for CGI programs, through environment variables set via Apache configuration. This issue affects the Apache HTTP...

UBUNTU-CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

EUVD-2018-19367

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2013-7108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticate...

CVE-2022-45925

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...

CVE-2022-45925

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...

Information disclosure

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...

Cross site scripting

Monitorix before 3.10.1 allows XSS via CGI variables...

CVE-2018-7649

Monitorix before 3.10.1 allows XSS via CGI variables...

CVE-2018-7649

Monitorix before 3.10.1 allows XSS via CGI variables...

Dell EMC iDRAC7 and iDRAC8 Code Execution Vulnerabilities

Dell EMC iDRAC7 and iDRAC8 are both hardware and software-inclusive system management solutions from Dell USA. The solutions provide remote management, crash system recovery and power control for Dell PowerEdge systems. A security vulnerability exists in Dell EMC iDRAC7 and iDRAC8. A remote...

CVE-2016-4869

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed...

MyMarket 1.71 Form_Header.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6035/info MyMarket is prone to cross-site scripting attacks. HTML tags and script code are not sanitized from CGI variables which may cause user-supplied input to be displayed. As a result, an attacker can create a link t...

openSUSE Security Update : FastCGI (openSUSE-2011-102)

added FastCGI-fixdeprecatedapi.patch: bnc735882 Fixes an issue where CGI.pm received CGI variables from previous requests. CVE-2011-2766 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

FreeBSD : nagios -- denial of service vulnerability (ba04a373-7d20-11e3-8992-00132034b086)

Eric Stanley reports : Most CGIs previously incremented the input variable counter twice when it encountered a long key value. This could cause the CGI to read past the end of the list of CGI variables. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...

Microsoft ISAPI W3Who Library Buffer Overflow (CVE-2004-1134)

The W3Who dynamically linked library DLL, when used in the context of an IIS HTTP server, provides various information about the current HTTP client, as well as the current running environment. It is included with the Internet Services Application Programming Interface ISAPI and is meant to be us...