
15 matches found

RedhatCVE
added 2026/01/13 10:52 p.m., 3 views

CVE-2026-22781

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess. An...

CVSS 10, AI score 8.3, EPSS 0.02174
Exploits 0, References 1
Tenable Nessus
added 2025/06/15 12:00 a.m., 4 views

FreeBSD : webmin -- CGI Command Injection Remote Code Execution (805ad2e0-49da-11f0-87e8-bcaec55be5e5)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 805ad2e0-49da-11f0-87e8-bcaec55be5e5 advisory. Webmin reports: A less-privileged Webmin user can execute commands as root via a vulnerability in the...

CVSS 9.9, AI score 8.9, EPSS 0.32018
Exploits 0, References 4
Tenable Nessus
added 2024/06/14 12:00 a.m., 16 views

PHP CGI Argument Injection Remote Code Execution

PHP versions 5.0.0 8.1.29, 8.2.x 8.2.20, 8.3.x 8.3.8 is affected by a vulnerability allowing an unauthenticated attacker to execute remote code via a specially forged request only when PHP is installed with Apache2 and PHP-CGI on Windows with certain languages code pages. No source data...

CVSS 9.8, AI score 8.2, EPSS 0.99987
Exploits 64, References 3
Tenable Nessus
added 2024/01/17 12:00 a.m., 53 views

Dell EMC Code Injection (CVE-2018-1207)

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. This plugin only works with Tenable.ot. Please visit...

CVSS 9.8, AI score 8.8, EPSS 0.9079
Exploits 3, References 4
OSV
added 2023/01/05 10:15 a.m., 1 views

CVE-2022-43932

Improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability in CGI component in Synology Router Manager SRM before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors...

CVSS 7.5, AI score 5.9, EPSS 0.00998
Exploits 0, References 1
Prion
added 2018/03/23 2:29 p.m., 19 views

Design/Logic Flaw

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code...

CVSS 7.5, AI score 9.6, EPSS 0.9079
Exploits 3, References 3, Affected Software 2
OSV
added 2018/03/23 2:29 p.m., 2 views

CVE-2018-1207

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code...

CVSS 9.8, AI score 5.9, EPSS 0.9079
Exploits 3, References 3
canvas
added 2018/03/23 2:29 p.m., 94 views

Immunity Canvas: IDRAC_APPWEB_RCE

Name: idracappwebrce
CVE: CVE-2018-1207
Exploit Pack: CANVAS
Description: iDrac8 WebApp RCE
Notes: CVE Name: CVE-2018-1207 NOTES: This module exploits a CGI Injection vulnerability in iDRAC8 in order to achieve Remote Code Execution. We upload a shared library that we can then invoke with...

CVSS 7.5, AI score 1, EPSS 0.9079
Exploits 3
NVD
added 2018/03/23 2:29 p.m., 32 views

CVE-2018-1207

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code...

CVSS 9.8, AI score 9.6, EPSS 0.9079
Exploits 3, References 3
Cvelist
added 2018/03/23 2:00 p.m., 31 views

CVE-2018-1207

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code...

AI score 9.7, EPSS 0.9079
Exploits 3, References 3
CVE
added 2018/03/23 2:00 p.m., 156 views

CVE-2018-1207

Dell EMC iDRAC7/iDRAC8 (firmware

CVSS 9.8, AI score 9.6, EPSS 0.9079
Exploits 3, References 3, Affected Software 2
Cvelist
added 2017/06/24 12:00 a.m., 20 views

CVE-2017-9833

/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not include any...

AI score 7.6, EPSS 0.67725
Exploits 6, References 2
Packet Storm
added 2012/05/06 12:00 a.m., 125 views

PHP CGI Injection

Exploit Title: Cve-2012-1823 PHP CGI Argument Injection Exploit Date: May 4, 2012 Author: rayh4c0x4080sec0x2ecom Exploit Discovered by wofeiwo0x4080sec0x2ecom import socket import sys def cgiexploit: pwncode = """""" postLength = lenpwncode httpraw="""POST...

CVSS 7.5, EPSS 0.99998
Exploits 41
Metasploit
added 2009/12/09 1:23 p.m., 19 views

QuickTime Streaming Server parse_xml.cgi Remote Execution

The QuickTime Streaming Server contains a CGI script that is vulnerable to metacharacter injection, allowing arbitrary commands to be executed as root. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...

CVSS 7.5, AI score 0.4, EPSS 0.68858
Exploits 3
Prion
added 2009/03/30 8:30 p.m., 12 views

Command injection

cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command...

CVSS 10, AI score 8.2, EPSS 0.04457
Exploits 1, References 4, Affected Software 1