
340 matches found

CNNVD
added 2020/12/29 12:0 a.m. | 2 views

Webmin Input Validation Error Vulnerability

Webmin is the Webmin community's set of Web-based system administration tools for Unix-like operating systems. An input validation error vulnerability exists in Webmin version 1.962, which stems from miniserv.pl incorrectly handling special characters in the query parameters of a CGI program, and...

CVSS 9.8 | AI score 5.8 | EPSS 0.00433
Exploits 0 | References 3
Prion
added 2019/08/06 11:15 p.m. | 8 views

Buffer overflow

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account...

CVSS 7.5 | AI score 9.9 | EPSS 0.06137
Exploits 0 | References 3 | Affected Software 3
CVE
added 2019/08/06 10:27 p.m. | 55 views

CVE-2019-14698

MicroDigital N-series cameras (firmware up to 6400.0.8.5) expose a vulnerability in a CGI program running under the HTTPD web server. A buffer overflow in the param parameter allows remote code execution in the nobody context. This is a server-side flaw in the CGI component and is stated as enabl...

CVSS 9.8 | AI score 9.9 | EPSS 0.06137
Exploits 0 | References 3 | Affected Software 1
0day.today
added 2019/03/27 12:0 a.m. | 208 views

Cisco RV320 Unauthenticated Configuration Export Vulnerability

The configuration of a Cisco RV320 router can still be exported without authentication via the device's web interface due to an inadequate fix by the vendor. Cisco RV320 Unauthenticated Configuration Export Vulnerability Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly...

CVSS 5 | AI score 0.6 | EPSS 0.94385
Exploits 19
Packet Storm
added 2019/01/24 12:0 a.m. | 106 views

Cisco RV320 Unauthenticated Diagnostic Data Retrieval

Advisory: Cisco RV320 Unauthenticated Diagnostic Data Retrieval RedTeam Pentesting discovered that the Cisco RV320 router exposes sensitive diagnostic data without authentication through the device's web interface. Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others...

AI score 0.4 | EPSS 0.94385
Exploits 19
NVD
added 2018/07/03 2:29 p.m. | 14 views

CVE-2018-7780

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exists in cgi program "set"...

CVSS 9.8 | AI score 9.6 | EPSS 0.00516
Exploits 0 | References 1
Prion
added 2017/12/12 7:29 p.m. | 26 views

Remote code execution

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc...

CVSS 6.8 | AI score 8.2 | EPSS 0.94266
Exploits 15 | References 8 | Affected Software 1
RedhatCVE
added 2015/10/30 9:27 a.m. | 21 views

CVE-2006-7098

The Debian GNU/Linux 033-FNOSETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl...

CVSS 6.6 | AI score 7.2 | EPSS 0.0029
Exploits 0 | References 2
Japan Vulnerability Notes
added 2015/03/26 5:0 a.m. | 1 views

Fumy Teacher's Schedule Board vulnerable to cross-site scripting

Overview Fumy Teacher's Schedule Board provided by Nishishi Factory is a CGI program that displays schedules. Fumy Teacher's Schedule Board contains a cross-site scripting vulnerability. OHTA, Yoshinori of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

CVSS 4.3 | AI score 6 | EPSS 0.00309
Exploits 0 | References 5
NVD
added 2014/07/29 8:55 p.m. | 9 views

CVE-2014-3896

Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting...

CVSS 6.8 | AI score 7.4 | EPSS 0.00125
Exploits 1 | References 3
seebug.org
added 2014/07/01 12:0 a.m. | 15 views

qmailadmin 1.0.x Local Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5404/info The qmailadmin utility, developed by Inter7, is vulnerable to a buffer overflow condition. It is meant to run as a CGI program and is typically installed setuid owned by root on some systems, regular users on...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 26 views

CrossWind CyberScheduler 2.1 websyncd remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2628/info CrossWind CyberScheduler is a scheduling and calendaring package. It consists of two distinct parts for - a set of cgi scripts on a web server and a set of daemons or services on a database server. Both parts ar...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 10 views

CdomainFree <= 2.4 - Remote File Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/304/info A vulnerability in a CGI program part of CdomainFree allows remote malicious users to run any executable already existing to the machine. The vulnerability is in the whoisraw.cgi program. This CGI passes user inp...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 19 views

Wolfram Research webMathematica 4.0 File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5035/info Wolfram Research's webMathematica is a Java based product which allows the inclusion of Mathematica content in a web environment. It includes CGI programs which generate image content based on user supplied inpu...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Omnicron OmniHTTPD 1.1/2.4 Pro Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/739/info There is a remotely exploitable buffer overflow vulnerability in the CGI program imagemap, which is distributed with Omnicron's OmniHTTPD. During operations made on arguments passed to the program, a lack of boun...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 17 views

Miva htmlscript 2.x Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2001/info Miva's htmlscript CGI program provides a unique scripting language with HTML type tags. Note that htmlscript is an older product no longer distributed by Miva under that name. Versions of the htmlscript...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

HP OpenView Network Node Manager snmpviewer.exe Buffer Overflow

No description provided by source. $Id: hpnnmsnmpvieweractapp.rb 12098 2011-03-23 15:47:20Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 24 views

Hughes Technologies Mini SQL (mSQL) 2.0.11 w3-msql Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/898/info w3-msql is a cgi-program shipped with Mini-SQL which acts as a web interface for msql. There are a number of buffer overflow vulnerabilities in it with one proven to be exploitable. The exploitable buffer is the...

AI score 7.1
Exploits 0
Packet Storm
added 2012/01/20 12:0 a.m. | 40 views

HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'HEAD', :uri =...

CVSS 10 | AI score 1 | EPSS 0.73672
Exploits 8
securityvulns
added 2012/01/09 12:0 a.m. | 63 views

ZDI-12-003 : HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-003 : HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-003 January 5, 2012 - -- CVE ID: CVE-2011-3166 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...

CVSS 10 | AI score 0.6 | EPSS 0.42815
Exploits 0