
462 matches found

RedHat Linux
added 2024/07/24 1:18 p.m., 3 views

httpd: Substitution encoding issue in mod_rewrite

A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...

CVSS 9.8, AI score 7.1, EPSS 0.01022
Exploits: 0, References: 5

OpenVAS
added 2024/06/12 12:0 a.m., 29 views

Fedora: Security Advisory (FEDORA-2024-49aba7b305)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 8.6, EPSS 0.94374
Exploits: 105, References: 17

Fedora
added 2024/04/19 9:43 p.m., 53 views

[SECURITY] Fedora 40 Update: php-8.3.6-1.fc40

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 9.4, AI score 7.1, EPSS 0.68573
Exploits: 6

OSV
added 2024/03/06 10:54 a.m., 221 views

BIT-APACHE-2021-41773 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

CVSS 9.8, AI score 9.2, EPSS 0.94391
Exploits: 144, References: 31

OSV
added 2024/03/04 2:15 p.m., 2 views

CVE-2024-27684

A Cross-site scripting XSS vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750A1FWv101b03 allows remote attackers to inject arbitrary web script or HTML via the url parameter...

CVSS 6.1, AI score 5.9, EPSS 0.00038
Exploits: 0, References: 2

Oracle linux
added 2023/11/11 12:0 a.m., 33 views

cups security and bug fix update

1:2.3.3op2-21 - bump the spec because the previous build was made with buildroot 9.2 1:2.3.3op2-20 - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation 1:2.3.3op2-19 - CVE-2023-34241 cups: use-after-free in cupsdAcceptClient in scheduler/client.c - CVE-2023-32324 cups: heap...

CVSS 7.1, AI score 7.2, EPSS 0.00148
Exploits: 2

NVD
added 2023/10/26 10:15 p.m., 10 views

CVE-2018-17879

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system as root. There are several injection points in various scripts...

CVSS 9.8, AI score 9.8, EPSS 0.62193
Exploits: 1, References: 2

Prion
added 2023/10/26 10:15 p.m., 22 views

Design/Logic Flaw

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system as root. There are several injection points in various scripts...

CVSS 7.5, AI score 9.7, EPSS 0.62193
Exploits: 1, References: 2

Cvelist
added 2023/10/26 12:0 a.m., 14 views

CVE-2018-17879

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system as root. There are several injection points in various scripts...

AI score 9.8, EPSS 0.62193
Exploits: 1, References: 2

GithubExploit
added 2023/08/25 7:51 p.m., 291 views

Exploit for Path Traversal in Apache Http_Server

🚨 CVE-2021-42013 - Apache 2.4.49 & 2.4.50 Remote Code Executio...

CVSS 9.8, AI score 9.9, EPSS 0.9441
Exploits: 168

Fedora
added 2023/08/11 1:1 a.m., 25 views

[SECURITY] Fedora 37 Update: php-8.1.22-1.fc37

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 9.8, AI score 6.9, EPSS 0.29385
Exploits: 4

NVD
added 2023/07/12 9:15 p.m., 11 views

CVE-2023-33274

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...

CVSS 9.8, EPSS 0.00377
Exploits: 1, References: 1

Prion
added 2023/07/12 9:15 p.m., 18 views

Authorization

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...

CVSS 7.5, AI score 9.6, EPSS 0.00377
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2023/07/12 12:0 a.m., 13 views

CVE-2023-33274

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...

AI score 9.8, EPSS 0.00377
Exploits: 1, References: 1

CVE
added 2023/07/12 12:0 a.m., 52 views

CVE-2023-33274

CVE-2023-33274 affects PowerShield SNMP Web Pro 1.1. The vulnerability is in the authentication mechanism, allowing unauthenticated users to directly access CGI scripts due to a lack of proper cookie verification. It affects all instances where HTTP Digest authentication is not enabled, regardles...

CVSS 9.8, AI score 9.5, EPSS 0.00377
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2023/07/12 12:0 a.m., 13 views

CVE-2023-33274

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...

AI score 7.6, EPSS 0.00377
Exploits: 1, References: 1

Positive Technologies
added 2023/07/12 12:0 a.m., 3 views

PT-2023-24259 · Unknown · Powershield Snmp Web Pro

Name of the Vulnerable Software and Affected Versions: PowerShield SNMP Web Pro version 1.1 Description: The authentication mechanism contains an issue that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This...

CVSS 9.8, AI score 9.6, EPSS 0.00377
Exploits: 1, References: 3

Fedora
added 2023/06/16 2:15 a.m., 8 views

[SECURITY] Fedora 37 Update: php-8.1.20-1.fc37

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

AI score 6.9
Exploits: 0

Fedora
added 2023/06/14 1:12 a.m., 11 views

[SECURITY] Fedora 38 Update: php-8.2.7-2.fc38

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

AI score 6.9
Exploits: 0

OpenVAS
added 2023/03/08 12:0 a.m., 27 views

Debian: Security Advisory (DLA-553-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1, AI score 8.3, EPSS 0.51564
Exploits: 0, References: 3