EUVD-2026-30206

Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection...

CVE-2021-33514

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...

EUVD-2013-7104

Malware in sbrugna...

EUVD-2020-0227

Malware in sbrugna...

EUVD-2016-7538

Malware in sbrugna...

CVE-2021-20167

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter...

SUSE CVE-2013-7329

The CGI::Application module before 4.5050 and 4.5051 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information web queries and environment details via vectors related to the dumphtml function...

SUSE CVE-2016-6631

An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file...

CVE-2021-33621

A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients...

Mageia: Security Advisory (MGASA-2014-0098)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Netgear RAX43 Command Injection Vulnerability

Netgear RAX43 is a wireless router from Netgear, Inc. A command injection vulnerability exists in Netgear RAX43, which stems from the inclusion of a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. No details of the...

Command injection

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter...

NETGEAR Smart Cloud Switch Command Injection Vulnerability (PSV-2021-0071)

Multiple NETGEAR Smart Cloud Switch devices are prone to an unauthenticated command injection vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVE-2021-33514

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...

CVE-2021-33514

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...

Command injection

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...

CVE-2021-33514

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...

CVE-2021-33514

CVE-2021-33514 affects multiple NETGEAR devices (e.g., GC108P/GC108PP/GS108Tv3/GS110TPPv1/GS110TPv3/GS110TUPv1/GS710TUPv1/GS716TP/GS716TPP/GS724TPP/v1/v2/GS728TPPv2/GS752TPPv1/v2/MS510TXM/MS510TXUP) with a pre-authentication command injection in the CGI setup path. The root cause is improper hand...

Security Bulletin: Vulnerabilities in Python affect IBM SmartCloud Entry (CVE-2016-0772 CVE-2016-5699 CVE-2016-1000110)

Summary IBM SmartCloud Entry is vulnerable to Python vulnerabilities. Attackers could exploit these vulnerabilities to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer, inject arbitrary HTTP headers...

CVE-2016-1000111

CVE-2016-1000111 affects Twisted before 16.3.1, where the Proxy header can initialize HTTP_PROXY for CGI scripts, enabling potential redirection of outbound traffic to an attacker-controlled proxy (httpoxy). Connected advisories (e.g., Red Hat RHSA-2018:0273, SUSE SUSE-SU-2017:0114-1, Ubuntu USN-...