Lucene search
K

249 matches found

GithubExploit
GithubExploit
added 2015/06/26 11:34 p.m.7 views

Exploit for OS Command Injection in Gnu Bash

ShellShock-CGI-Scan =================== A script, in C, to chec...

10CVSS7AI score0.99999EPSS
Exploits131
CNVD
CNVD
added 2015/06/11 12:0 a.m.2 views

Multiple Igreks MilkyStep Products Cross-Site Scripting Vulnerabilities

Igreks MilkyStep is a CGI for pushing magazines through the email system. A cross-site scripting vulnerability exists in multiple Igreks MilkyStep products, allowing remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive...

4.3CVSS6AI score0.01184EPSS
Exploits0References1
CNVD
CNVD
added 2015/05/28 12:0 a.m.5 views

Moxa VPort ActiveX SDK Plus Stack Buffer Overflow Vulnerability

Moxa's VPort SDK PLUS, including CGI command, ActiveX control and API libraries, allows third-party developers to easily integrate customized monitoring applications. Moxa VPort ActiveX SDK Plus suffers from a stack buffer overflow vulnerability. A remote attacker can exploit the vulnerability by...

7.5CVSS7.5AI score0.0242EPSS
Exploits0References1
OSV
OSV
added 2015/02/17 6:14 p.m.7 views

USN-2501-1 php5 vulnerabilities

Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-8142, CVE-2015-0231 Brian Carpenter discovered that the PHP CGI component...

7.5CVSS7AI score0.53166EPSS
Exploits14References8
CNVD
CNVD
added 2015/02/02 12:0 a.m.3 views

SYNCK GRAPHICA Download Log CGI Directory Traversal Vulnerability

A directory traversal vulnerability in the SYNCK GRAPHICA Download Log CGI allows remote attackers to overwrite arbitrary files in an application context using a directory traversal sequence with a specially crafted request '... /' to overwrite arbitrary files in the context of an application...

5CVSS7AI score0.01911EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2014/08/06 3:6 p.m.6 views

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

5CVSS6.7AI score0.43809EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/08/06 3:3 p.m.4 views

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

5CVSS6.7AI score0.43809EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/08/06 2:52 p.m.7 views

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

5CVSS6.7AI score0.43809EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/07/23 10:0 a.m.4 views

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

5CVSS6.7AI score0.43809EPSS
Exploits1References5
OSV
OSV
added 2014/06/25 12:0 a.m.3 views

UBUNTU-CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

9.8CVSS7AI score0.247EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2012/05/11 5:34 p.m.7 views

php: command line arguments injection when run in CGI mode (VU#520827)

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

9.8CVSS7.8AI score0.99998EPSS
Exploits42References5
VulnCheck KEV
VulnCheck KEV
added 2012/05/09 12:0 a.m.2 views

VulnCheck KEV: CVE-2012-2311

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that contain a %3D sequence but no = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line...

7.5CVSS7.7AI score0.68846EPSS
Exploits1References1
PyPA
PyPA
added 2010/09/24 7:0 p.m.6 views

PYSEC-2010-31

Cross-site scripting XSS vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program...

4.3CVSS6AI score0.0253EPSS
Exploits0References15Affected Software1
Check Point Advisories
Check Point Advisories
added 2009/12/02 12:0 a.m.13 views

IBM Lotus Domino Web Service Denial of Service (CVE-2005-0986)

IBM Lotus Domino server software provides messaging, calendar/scheduling and other collaborative applications. A vulnerability exists in IBM's Lotus Domino Web Server, in the HTTP server included with Lotus Domino, specifically in the way it handles Common Gateway Interface CGI requests. The flaw...

5CVSS6.1AI score0.06994EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2008/09/15 12:0 a.m.5 views

PT-2008-5380 · Ledgersmb +2 · Ledgersmb +2

Name of the Vulnerable Software and Affected Versions: LedgerSMB versions prior to 1.2.15 SQL-Ledger versions 2.8.17 and earlier Description: The issue allows remote attackers to cause a denial of service, specifically resource exhaustion, via an HTTP POST request with a large Content-Length. Thi...

7.8CVSS6.7AI score0.02831EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.3 views

BBSNote cross-site scripting vulnerability

Overview BBSNote, CGI bulletin board script, contains a cross-site scripting vulnerability due to improper handling of CGI arguments. Impact A malicious script may be executed on the user's web browser. Solution None...

5CVSS6.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.1 views

FreeStyleWiki command injection vulnerability

Overview A cross-site scripting vulnerability exists in FreeStyleWiki's web management interface. Impact A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server. Solution N...

7.5CVSS6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.2 views

CGI RESCUE WebFORM vulnerable to cross-site scripting

Overview WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability. Impact An abitrary script may be executed on the user's web browser. Solution None...

4.3CVSS6AI score0.01033EPSS
Exploits0References7
OSV
OSV
added 2007/11/21 9:46 p.m.2 views

DEBIAN-CVE-2007-6077

The session fixation protection mechanism in cgiprocess.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookieonly attribute from the DEFAULTSESSIONOPTIONS constant, which effectively causes cookieonly to be applied only to the first instantiation of CgiRequest, which allows remote...

6.8CVSS6.5AI score0.02512EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2006/11/08 3:46 p.m.4 views

Ruby CGI multipart parsing DoS

The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and...

5CVSS7.2AI score0.04071EPSS
Exploits1References4
Rows per page
Query Builder