
25 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 1 views

Astra Linux - vulnerability in apache2

Improper neutralization of vulnerabilities related to escape, meta, or control sequences in the Apache HTTP Server, caused by environment variables set through Apache configuration, which unexpectedly override variables calculated by the server for CGI programs. This issue affects the Apache HTTP...

CVSS 6.5 | AI score 7.1 | EPSS 0.00145
Exploits: 0 | References: 2
EUVD
added 2026/03/06 2:54 a.m. | 3 views

EUVD-2026-9972

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...

CVSS 9.2 | AI score 6 | EPSS 0.0028
Exploits: 1 | References: 2
RedHat Linux
added 2026/02/23 7:20 p.m. | 0 views

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

CVSS 6.5 | AI score 5.7 | EPSS 0.00145
Exploits: 0 | References: 5
Veracode
added 2026/02/05 6:8 a.m. | 4 views

Improper Neutralization

Apache HTTP Server is vulnerable to Improper Neutralization. The vulnerability is due to environment variables set via Apache configuration improperly overriding server-calculated CGI variables, which allows an attacker to influence CGI execution by injecting or manipulating control sequences...

CVSS 6.5 | AI score 7.5 | EPSS 0.00145
Exploits: 0 | References: 3 | Affected Software: 2
OSV
added 2025/12/05 11:15 a.m. | 0 views

UBUNTU-CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

CVSS 6.5 | AI score 5.8 | EPSS 0.00145
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-19367

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00301
Exploits: 0 | References: 2
Tenable Nessus
added 2025/09/01 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2013-7108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticate...

CVSS 5.5 | AI score 7.6 | EPSS 0.48577
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 9:49 p.m. | 5 views

CVE-2022-45925

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...

CVSS 7.5 | AI score 6.6 | EPSS 0.01743
Exploits: 3 | References: 1
NVD
added 2023/01/18 9:15 p.m. | 12 views

CVE-2022-45925

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...

CVSS 7.5 | AI score 7.3 | EPSS 0.01743
Exploits: 3 | References: 3
Prion
added 2023/01/18 9:15 p.m. | 18 views

Information disclosure

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...

CVSS 5 | AI score 7.4 | EPSS 0.01743
Exploits: 3 | References: 3 | Affected Software: 1
Prion
added 2018/08/02 5:29 p.m. | 18 views

Cross site scripting

Monitorix before 3.10.1 allows XSS via CGI variables...

CVSS 4.3 | AI score 6 | EPSS 0.00301
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2018/08/02 5:29 p.m. | 0 views

CVE-2018-7649

Monitorix before 3.10.1 allows XSS via CGI variables...

CVSS 6.1 | AI score 5.8 | EPSS 0.00301
Exploits: 0 | References: 1
Cvelist
added 2018/08/02 5:0 p.m. | 12 views

CVE-2018-7649

Monitorix before 3.10.1 allows XSS via CGI variables...

AI score 6.1 | EPSS 0.00301
Exploits: 0 | References: 1
CNVD
added 2018/03/27 12:0 a.m. | 2 views

Dell EMC iDRAC7 and iDRAC8 Code Execution Vulnerabilities

Dell EMC iDRAC7 and iDRAC8 are both hardware and software-inclusive system management solutions from Dell USA. The solutions provide remote management, crash system recovery and power control for Dell PowerEdge systems. A security vulnerability exists in Dell EMC iDRAC7 and iDRAC8. A remote...

CVSS 9.8 | AI score 7.4 | EPSS 0.9379
Exploits: 3 | References: 1
OSV
added 2017/04/17 3:59 p.m. | 1 views

CVE-2016-4869

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed...

CVSS 6.5 | AI score 5.8 | EPSS 0.01162
Exploits: 0 | References: 4
seebug.org
added 2014/07/01 12:0 a.m. | 16 views

MyMarket 1.71 Form_Header.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6035/info MyMarket is prone to cross-site scripting attacks. HTML tags and script code are not sanitized from CGI variables which may cause user-supplied input to be displayed. As a result, an attacker can create a link t...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2014/06/13 12:0 a.m. | 29 views

openSUSE Security Update : FastCGI (openSUSE-2011-102)

added FastCGI-fixdeprecatedapi.patch: bnc735882 Fixes an issue where CGI.pm received CGI variables from previous requests. CVE-2011-2766 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

CVSS 7.5 | AI score 5.2 | EPSS 0.00261
Exploits: 1 | References: 2
Tenable Nessus
added 2014/01/15 12:0 a.m. | 29 views

FreeBSD : nagios -- denial of service vulnerability (ba04a373-7d20-11e3-8992-00132034b086)

Eric Stanley reports : Most CGIs previously incremented the input variable counter twice when it encountered a long key value. This could cause the CGI to read past the end of the list of CGI variables. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...

CVSS 6.4 | AI score 7.4 | EPSS 0.48577
Exploits: 0 | References: 5
Check Point Advisories
added 2010/02/18 12:0 a.m. | 5 views

Microsoft ISAPI W3Who Library Buffer Overflow (CVE-2004-1134)

The W3Who dynamically linked library DLL, when used in the context of an IIS HTTP server, provides various information about the current HTTP client, as well as the current running environment. It is included with the Internet Services Application Programming Interface ISAPI and is meant to be us...

CVSS 10 | AI score 7.3 | EPSS 0.8642
Exploits: 5
seebug.org
added 2008/03/15 12:0 a.m. | 44 views

Adobe ColdFusion Multiple Cross-Site Scripting and Invalid Logging Vulnerabilities

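BUGTRAQ ID: 28205,28207 CVECAN ID: CVE-2008-0643,CVE-2008-0644,CVE-2008-1203 ColdFusion MX is an efficient web application server development environment that is easy to use and productive to develop with; it is based on standard Java technology and can integrate with XML, Web Services and Microsoft .NET environments. If a ColdFusion application's Application.cfm or Application.cfc contains the setEncoding function, a remote attacker can carry out cross-site scripting attacks by submitting malicious requests....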

CVSS 7.5 | AI score 6.4 | EPSS 0.0893
Exploits: 1