Lucene search
K

405 matches found

OSV
OSV
added 2016/08/05 2:59 p.m.5 views

CVE-2016-6140

SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591...

9.8CVSS5.9AI score0.05532EPSS
Exploits0References5
OSV
OSV
added 2016/07/25 12:0 a.m.4 views

UBUNTU-CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTPPROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

6.1CVSS6.8AI score0.04689EPSS
Exploits0References4
CNVD
CNVD
added 2016/07/19 12:0 a.m.58 views

Apache HTTP Server suffers from httpoxy remote proxy infection vulnerability

Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist...

8.1CVSS9.3AI score0.55724EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/07/18 4:50 p.m.8 views

HTTPD: sets environmental variable based on user supplied Proxy request header

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

8.1CVSS6.8AI score0.55724EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2016/07/18 3:30 p.m.7 views

HTTPD: sets environmental variable based on user supplied Proxy request header

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

8.1CVSS6.8AI score0.55724EPSS
Exploits0References7
OSV
OSV
added 2016/07/18 2:0 p.m.5 views

UBUNTU-CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

8.1CVSS7AI score0.0522EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.7 views

The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.

The vulnerability exists in the modcgid module of the Apache HTTP Server due to the absence of a timeout mechanism. Exploiting this vulnerability allows malicious actors to cause a service failure by sending requests to the CGI script, thereby ignoring the data from their own stdin descriptor...

5CVSS6.7AI score0.43809EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.8 views

The vulnerability of the Cisco Nexus 5000 software allows a malicious individual to execute arbitrary code.

The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function exported as a variable. This allows a malicious actor to execute arbitrary code by interfering with environment variables. Security researchers have confirmed that this...

10CVSS8.5AI score0.99999EPSS
Exploits131References2
CNVD
CNVD
added 2016/07/01 12:0 a.m.2 views

MileSight camera Web UI CGI Buffer Overflow Vulnerability

MileSight camera is a network camera produced by Xiamen PulseVision Digital Technology Co. A Web UI CGI buffer overflow vulnerability exists in MileSight camera. An attacker can exploit the vulnerability to cause the camera's web interface to crash and remotely execute arbitrary code...

7.7AI score
Exploits0
OSV
OSV
added 2015/12/03 8:59 p.m.4 views

UBUNTU-CVE-2015-0859

The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokepingcgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments...

7.5CVSS6.2AI score0.02326EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2015/12/01 12:0 a.m.4 views

PT-2015-7793 · Philip Hazel +2 · Pcre +2

Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 8.38 Description: The issue concerns the mishandling of the -q option for binary files by pcregrep in PCRE, potentially allowing remote attackers to obtain sensitive information via a crafted file. This could be exploit...

9.8CVSS7AI score0.09157EPSS
Exploits12References122
GithubExploit
GithubExploit
added 2015/06/26 11:34 p.m.8 views

Exploit for OS Command Injection in Gnu Bash

ShellShock-CGI-Scan =================== A script, in C, to chec...

10CVSS7AI score0.99999EPSS
Exploits131
CNVD
CNVD
added 2015/06/11 12:0 a.m.2 views

Multiple Igreks MilkyStep Products Cross-Site Scripting Vulnerabilities

Igreks MilkyStep is a CGI for pushing magazines through the email system. A cross-site scripting vulnerability exists in multiple Igreks MilkyStep products, allowing remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive...

4.3CVSS6AI score0.01184EPSS
Exploits0References1
CNVD
CNVD
added 2015/05/28 12:0 a.m.5 views

Moxa VPort ActiveX SDK Plus Stack Buffer Overflow Vulnerability

Moxa's VPort SDK PLUS, including CGI command, ActiveX control and API libraries, allows third-party developers to easily integrate customized monitoring applications. Moxa VPort ActiveX SDK Plus suffers from a stack buffer overflow vulnerability. A remote attacker can exploit the vulnerability by...

7.5CVSS7.5AI score0.0242EPSS
Exploits0References1
OSV
OSV
added 2015/02/17 6:14 p.m.8 views

USN-2501-1 php5 vulnerabilities

Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-8142, CVE-2015-0231 Brian Carpenter discovered that the PHP CGI component...

7.5CVSS7AI score0.53166EPSS
Exploits14References8
CNVD
CNVD
added 2015/02/02 12:0 a.m.3 views

SYNCK GRAPHICA Download Log CGI Directory Traversal Vulnerability

A directory traversal vulnerability in the SYNCK GRAPHICA Download Log CGI allows remote attackers to overwrite arbitrary files in an application context using a directory traversal sequence with a specially crafted request '... /' to overwrite arbitrary files in the context of an application...

5CVSS7AI score0.01911EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2014/08/21 3:29 p.m.7 views

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

5CVSS6.7AI score0.43809EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/08/06 3:6 p.m.6 views

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

5CVSS6.7AI score0.43809EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/08/06 3:3 p.m.5 views

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

5CVSS6.7AI score0.43809EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/08/06 2:52 p.m.7 views

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

5CVSS6.7AI score0.43809EPSS
Exploits1References5
Rows per page
Query Builder