CVE-2025-70545
A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC Belden ONT 2K05X router running firmware v1.1.9206L. The Common Gateway Interface (CGI) component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary...
CVE-2026-24936
When a specific function is enabled while joining an AD domain from ADM, an improper input-parameter validation vulnerability in a specific CGI program allows an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...
CVE-2025-70545
CVE-2025-70545 describes a stored XSS in the web management CGI of the Belden PPC ONT 2K05X router (firmware v1.1.9_206L). The vulnerability arises from improper handling of user input, enabling a remote, unauthenticated attacker to inject JavaScript that is persistently stored and executed when ...
PT-2025-42828
Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions V4.32 through V5.40; Zyxel USG FLEX series versions V4.50 through V5.40; Zyxel USG FLEX 50W series versions V4.16 through V5.40; Zyxel USG20W-VPN series versions V4.16 through V5.40. Description: A missing authorization fl...
CVE-2025-10546
Vulnerability: CVE-2025-10546 affects PPC 2K15X Router. Root cause: improper input validation of CGI parameters in the web management portal. Impact: remote attacker can inject JavaScript to achieve reflected XSS on the target system. Exploitation status: described as remote/network-based, with u...
Input validation
EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI...
USN-4569-1 yaws vulnerabilities
It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity (XXE) injection attack. (CVE-2020-24379) It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this...
GNUMP3d: Directory traversal and insecure temporary file creation
Background: GNUMP3d is a streaming server for MP3s, Ogg Vorbis files, movies and other media formats. Description: Ludwig Nussel from SUSE Linux has identified two vulnerabilities in GNUMP3d. GNUMP3d fails to properly check for the existence of /tmp/index.lok before writing to the file, allowing fo...
GLSA-200501-36 : AWStats: Remote code execution
The remote host is affected by the vulnerability described in GLSA-200501-36 AWStats: Remote code execution When 'awstats.pl' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open function call. Furthermore, a user could read log file content even when plugin...
Hole in News Publisher CGI
Due to insufficient validation of user input, it is possible to add users...
htdig.txt
software: ht://Dig URL: http://www.htdig.org/ Version: 3.1.4, 3.2.0b1 and previous Platforms: Unix, Win32, MacOS, Mac OS X Server Type: CGI, Input validation problem Vendor status: Notified, patch already available Date: 02/28/2000 Summary: Any remote user can view arbitrary files on your system...
Info2www 1.0/1.1 - CGI Input Handling
source: https://www.securityfocus.com/bid/1995/info The info2www script allows HTTP access to information stored in GNU EMACS Info Nodes. This script fails to properly parse input and can be used to execute commands on the server with permissions of the web server, by passing commands as part of ...