
36 matches found

OSV
added 2019/03/30 5:29 p.m., 2 views

CVE-2019-10662

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI...

CVSS 8.8, AI score 7.6
Exploits 0, References 2

Cvelist
added 2018/06/14 8:0 p.m., 17 views

CVE-2018-11689

Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewerloginpage data3 parameter. The same Web Viewer codebase was transitioned from Samsung to Hanwha...

AI score 6, EPSS 0.00556
Exploits 2, References 4

OSV
added 2017/05/26 1:29 a.m., 0 views

CVE-2017-9032

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to logmanagement.cgi...

CVSS 6.1, AI score 5.8
Exploits 0, References 5

securityvulns
added 2014/12/01 12:0 a.m., 97 views

[ MDVSA-2014:237 ] perl-Mojolicious

Mandriva Linux Security Advisory MDVSA-2014:237 (http://www.mandriva.com/en/support/security/). Package: perl-Mojolicious. Date: November 28, 2014. Affected: Business Server 1.0. Problem Description: Updated perl-Mojolicious package fixes security...

AI score 0.1
Exploits 0

Mageia
added 2014/11/26 5:29 p.m., 14 views

Updated perl-Mojolicious packages fix a security vulnerability

Updated perl-Mojolicious package fixes security vulnerability: An assumption in Mojolicious before 5.48 CGI parameter handling that can result in parameter injection attacks...

AI score 1.9
Exploits 0, References 3

seebug.org
added 2014/07/01 12:0 a.m., 13 views

phpMyNewsLetter 0.6.10 Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5886/info A vulnerability has been discovered in phpMyNewsLetter. Reportedly, it is possible to pass an attacker-specified file include location to a CGI parameter of the 'customize.php' script. This may allow an attacker ...

AI score 7.1
Exploits 0

Check Point Advisories
added 2009/11/01 12:0 a.m., 2 views

Oracle Application Server Reports desname Arbitrary File Overwriting (CVE-2005-2371)

Oracle Application Server is a multi-platform solution for developing and deploying enterprise applications and web sites. The server ships with several additional components that extend its functionality. One such component is the Oracle Reports Services. The Reports Services component allows...

CVSS 5, AI score 6.4, EPSS 0.03626
Exploits 0

Prion
added 2009/09/14 4:30 p.m., 9 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages...

CVSS 4.3, AI score 5.9, EPSS 0.00442
Exploits 0, References 6, Affected Software 1

UbuntuCve
added 2009/08/12 10:30 a.m., 22 views

CVE-2008-6945

Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mvorderitem CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value...

CVSS 4.3, AI score 5.9, EPSS 0.00567
Exploits 0, References 1

Prion
added 2007/06/22 6:30 p.m., 12 views

Buffer overflow

Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter...

CVSS 7.8, AI score 7.2, EPSS 0.00876
Exploits 0, References 4, Affected Software 1

Cvelist
added 2007/06/22 6:0 p.m., 19 views

CVE-2007-3368

Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter...

AI score 6.8, EPSS 0.00876
Exploits 0, References 4

Metasploit
added 2006/12/14 1:49 a.m., 21 views

Mercantec SoftCart CGI Overflow

This is an exploit for an undisclosed buffer overflow in the SoftCart.exe CGI as shipped with Mercantec's shopping cart software. It is possible to execute arbitrary code by passing a malformed CGI parameter in an HTTP GET request. This issue is known to affect SoftCart version 4.00b. This module...

CVSS 7.5, AI score 0.7, EPSS 0.81465
Exploits 7

Ubuntu
added 2006/06/08 11:32 p.m., 58 views

USN-290-1: awstats vulnerability

Hendrik Weimer discovered a privilege escalation vulnerability in awstats. By supplying the 'configdir' CGI parameter and setting it to an attacker-controlled directory such as an FTP account, /tmp, or similar, an attacker could execute arbitrary shell commands with the privileges of the web serv...

CVSS 4, AI score 5.8, EPSS 0.01038
Exploits 0

Ubuntu
added 2006/05/23 4:23 p.m., 44 views

USN-285-1: awstats vulnerability

AWStats did not properly sanitize the 'migrate' CGI parameter. If the update of the stats via web front-end is allowed, a remote attacker could execute arbitrary commands on the server with the privileges of the AWStats server. This does not affect AWStats installations which only build static...

CVSS 5.1, AI score 5.7, EPSS 0.90596
Exploits 10

Tenable Nessus
added 2002/08/22 12:0 a.m., 26 views

Pi3Web < 2.0.1 CGI Handler Long Parameter Handling Overflow

The remote server may crash when it is sent a very long CGI parameter multiple times, as in: GET /cgi-bin/hello.exe?AAAAA...AAAA An attacker may use this flaw to prevent the remote host from working properly. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. We do banner checking, as I could...

CVSS 7.5, AI score 5.5, EPSS 0.05682
Exploits 0, References 1

Exploit DB
added 2001/05/15 12:0 a.m., 33 views

Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (5)

source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, it automatically performs two actions before completing the request: 1. IIS...

AI score 7.4
Exploits 0