AudioCode 400HD Remote Command Injection

CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. The CGI...

Cross site request forgery (csrf)

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewallSPI.exe, cgi-bin/setupremotemgmt.exe, cgi-bin/setuppass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T...

CVE-2018-20577

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewallSPI.exe, cgi-bin/setupremotemgmt.exe, cgi-bin/setuppass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T...

[SECURITY] Fedora 28 Update: php-7.2.13-2.fc28

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVE-2018-19646

The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled...

Authentication flaw

The SV3C HD Camera L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the...

CVE-2018-12667

The SV3C HD Camera L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the...

CVE-2018-12667

The SV3C HD Camera L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the...

TP-Link TL-WR841N V13 Insecure Direct Object Reference Vulnerability

Exploit for hardware platform in category web applications Vulnerability: Broken Authentication Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Overview An attacker that can send HTTP...

TP-Link TL-WR841N V13 Insecure Direct Object Reference

Vulnerability: Broken Authentication Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Risk: High Vendor Contacted: 05/20/2018 Vendor Fix: Issue was independently fixed in previous...

[SECURITY] Fedora 26 Update: php-7.1.15-1.fc26

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVE-2017-17105

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...

Command injection

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...

CVE-2017-17105

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...

CVE-2017-17105

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...

Updated apache-mod_fcgid packages fix security vulnerability

A remote attacker could have set the HTTPPROXY environment variable of CGI scripts CVE-2016-1000104...

MGASA-2017-0203 Updated apache-mod_fcgid packages fix security vulnerability

A remote attacker could have set the HTTPPROXY environment variable of CGI scripts CVE-2016-1000104...

CVE-2017-8836

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious...

CVE-2017-8836

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious...

BSA-2017-313

Security Advisory ID : BSA-2017-313 Component : modcgid module in the Apache HTTP Server before 2.4.10 Revision : 2.0: Interim A flaw was found inmodcgid. If a server usingmodcgidhosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang...