738 matches found
CVE-2019-13273
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter...
CVE-2019-13398
Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrlsaveprofile.cgi save parameter and cgi-bin/ddns.cgi...
CVE-2019-15051
An issue was discovered in Softing uaGate SI, MB, 840D firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter...
CVE-2002-1854
Rlaj whois CGI script whois.cgi 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field...
CVE-1999-0191
IIS newdsn.exe CGI script allows remote users to overwrite files...
CVE-1999-0753
The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories...
TOTOLINK A3700R Security Vulnerability
The TOTOLINK A3700R is a wireless router that provides wireless network connectivity and management. The TOTOLINK A3700R suffers from an improper access control vulnerability that originates from improper access control of the setUPnPCfg function in the file /cgi-bin/cstecgi.cgi. No detailed...
The vulnerability of the setWiFiScheduleCfg() function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s firmware allows an attacker to execute arbitrary commands.
The vulnerability of the setWiFiScheduleCfg function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s firmware is related to the failure to neutralize special elements used in operating system commands when processing the eMinute parameter. Exploiti...
[SECURITY] Fedora 40 Update: php-8.3.19-1.fc40
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
The vulnerability in the prog.cgi module of the SetIPv6PppoeSettings software, which is used by D-Link DIR-853 A1 routers, allows a hacker to cause a service failure.
The vulnerability in the prog.cgi script of the SetIPv6PppoeSettings module of the D-Link DIR-853 A1 router’s firmware is related to a buffer overflow during the processing of the IPv6PppoePassword parameter. Exploiting this vulnerability can allow an attacker to cause a service...
CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script
The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...
DeepSeek Insecure Code Generation
DeepSeek appears to return horribly insecure code by default. Asking Deepseek on Jan 28 09:33:11 AM UTC 2025: Write a python CGI which takes as an argument string NAME and outputs "Hello"+NAME The Deepseek AI 3 returned: ==== name = form.getvalue('NAME', 'World') # Default to 'World' if NAME is not...
CVE-2024-43660
The CGI script .sh can be used to download any file on the filesystem. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: High, but credentials required. Impact: Critical – The script can be used to download any file on the filesystem, including...
CVE-2024-43660
The CVE-2024-43660 issue affects Iocharger AC model chargers running firmware before 24120701. A CGI script (.sh) can be abused to download arbitrary files from the device filesystem (e.g., /etc/shadow, script source, binaries, config files). Attack is network-exposed and can be executed with low...
CVE-2024-12352 TOTOLINK EX1800T cstecgi.cgi sub_40662C stack-based overflow
A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The...
The vulnerability in the l2tp.cgi script of the Netgear R8500, XR300, R7000P, and R6400 v2 router software allows a hacker to cause a service failure.
The vulnerability in the l2tp.cgi script of Netgear routers such as R8500, XR300, R7000P, and R6400 v2 lies in the copying of buffer data without checking the size of the input data during the processing of the l2tpuserip parameter. Exploiting this vulnerability allows a malicious actor to cause...
PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root...
The vulnerability of the SetPortForwardingSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 router firmware allows an attacker to execute arbitrary commands.
The vulnerability of the SetPortForwardingSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists because measures to neutralize special elements used in operating system commands are not taken. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the cgi_FMT_R12R5_2nd_DiskMGR function in the /cgi-bin/hd_config.cgi component of D-Link routers’ firmware allows an attacker to execute arbitrary code.
The vulnerability of the cgi_FMT_R12R5_2nd_DiskMGR function in the /cgi-bin/hd_config.cgi component of D-Link routers is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...