
54 matches found

OSV
added 2024/08/12 1:38 p.m. · 2 views

CVE-2024-0113

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure...

CVSS 8.8 · AI score 5.8 · EPSS 0.01025
Exploits 0 · References 1

Positive Technologies
added 2024/08/12 12:0 a.m. · 2 views

PT-2024-6510 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000r version 9.1.0cu.2350 b20230313 Description: The issue is related to an OS command injection vulnerability in the setSyslogCfg function, located in the /cgi-bin/cstecgi.cgi file. This vulnerability can be exploited by...

CVSS 9 · AI score 7.5 · EPSS 0.01647
Exploits 1 · References 8

Vulnrichment
added 2024/08/09 2:19 a.m. · 14 views

CVE-2024-0113

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure...

CVSS 7.5 · AI score 6.8 · EPSS 0.01025
Exploits 0 · References 1

CVE
added 2024/08/09 2:19 a.m. · 75 views

CVE-2024-0113

Technical details related to CVE-2024-0113 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories for affected products.

CVSS 8.8 · AI score 6.8 · EPSS 0.01025
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/08/09 2:19 a.m. · 36 views

CVE-2024-0113

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure...

CVSS 7.5 · EPSS 0.01025
Exploits 0 · References 1

BDU FSTEC
added 2024/01/15 12:0 a.m. · 2 views

The vulnerability of the main function (/cgi-bin/cstecgi.cgi?action=login&flag=1) of the Totolink N350RT router’s software allows a hacker to execute arbitrary code.

The vulnerability of the main function /cgi-bin/cstecgi.cgi?action=login&flag=1 of the Totolink N350RT router’s software is related to reading data beyond the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 9 · AI score 7.4 · EPSS 0.00903
Exploits 1 · References 4 · Affected Software 1

OSV
added 2022/10/06 7:15 p.m. · 2 views

CVE-2022-41525

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi...

CVSS 9.8 · AI score 5.8 · EPSS 0.01799
Exploits 1 · References 1

OSV
added 2019/03/30 5:29 p.m. · 1 views

CVE-2019-10663

Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI...

CVSS 8.8 · AI score 7.4 · EPSS 0.28139
Exploits 0 · References 1

CNVD
added 2018/09/28 12:0 a.m. · 2 views

RICOH Aficio MP 305+ Cross-Site Scripting Vulnerability

The RICOH Aficio MP 305+ is a multifunction printer device from Ricoh Japan. A cross-site scripting vulnerability exists in the address add area in the RICOH Aficio MP 305+. A remote attacker can exploit this vulnerability by sending the 'entryNameIn' parameter to the...

CVSS 6.1 · AI score 6 · EPSS 0.01
Exploits 3 · References 1

OSV
added 2017/04/25 8:59 p.m. · 2 views

CVE-2017-8219

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI...

CVSS 6.5 · AI score 5.8 · EPSS 0.01142
Exploits 2 · References 1

0day.today
added 2010/10/27 12:0 a.m. · 18 views

Apache 2.2 (Windows) Local Denial of Service

Exploit for windows platform in category dos / poc ============================================ Apache 2.2 Windows Local Denial of Service ============================================ !c:\perl\bin\ Exploit Title: Apache 2.2 local denail of service windows Date: 25/10/2010 Author: FB1H2S Software...

AI score 7
Exploits 0

exploitpack
added 2009/09/15 12:0 a.m. · 14 views

BRS Webweaver 1.33 - Scripts Access Restriction Bypass

BRS Webweaver 1.33 - Scripts Access Restriction Bypass Name : BSR Webweaver Version 1.33 /Scripts access restriction bypass vulnerbility Author : Usman Saeed Company : Xc0re Security Reasearch Group Date : 15/09/09 Homepage : http://www.xc0re.net Download Page :...

Exploits 0

RedHat Linux
added 2008/07/02 1:15 p.m. · 3 views

No title provided

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI...

CVSS 10 · AI score 7.6 · EPSS 0.10918
Exploits 2 · References 3

securityvulns
added 2002/07/23 12:0 a.m. · 40 views

PHP Resource Exhaustion Denial of Service

The PHP interpreter is a heavy-duty CGI EXE or SAPI module, depending on configuration that implements an HTML-embedded script language. A vulnerability in PHP can be used to cause a denial of service in some cases. PHP's install process on Apache requires a "/php/" alias to be created, as it...

Exploits 0