Lucene search
K

768 matches found

Prion
Prion
added 2023/02/27 2:16 a.m.15 views

Code injection

ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wirelessmft ap field...

5.8CVSS7.4AI score0.38722EPSS
Exploits5References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:47 a.m.6 views

SUSE CVE-2012-2104

cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request...

6.8CVSS7.7AI score0.05084EPSS
Exploits1References3
Prion
Prion
added 2023/02/03 4:15 p.m.20 views

Design/Logic Flaw

TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /webcste/cgi-bin/product.ini...

7.5CVSS9.6AI score0.00891EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/01/17 9:15 p.m.2 views

CVE-2022-43976

An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p03.2.2.17p04.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication...

9.8CVSS5.8AI score0.00704EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/01/17 12:0 a.m.2 views

GE Grid Solutions MS3000 安全漏洞

GE Grid Solutions MS3000 is a transformer monitoring system from GE Grid Solutions, France. A security vulnerability exists in the GE Grid Solutions MS3000 versions prior to 3.7.6.25p03.2.2.17p04.7p0, which stems from the ability to directly access the API on TCP port 8888 without any...

9.8CVSS8.4AI score0.00704EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2022/12/11 12:0 a.m.86 views

www/awstats -- Partial absolute pathname

MITRE reports: It seems 90 is not completely fixed in 7.8. that is, even after CVE-2017-1000501 and CVE-2020-29600 are fixed. In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the...

5.3CVSS2.3AI score0.01834EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/12/01 12:0 a.m.434 views

CVE-2022-4257

A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be...

9.8CVSS1.9AI score0.4393EPSS
In wildExploits1References3
Prion
Prion
added 2022/10/06 6:16 p.m.20 views

Command injection

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi...

7.5CVSS9.8AI score0.01834EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/10/06 12:0 a.m.59 views

CVE-2022-41518

TOTOLINK NR1800X firmware 9.1.0u.6279_B20210910 is affected by CVE-2022-41518 due to a command injection in the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi. The issue originates from inadequate input filtering of the FileName parameter, enabling arbitrary command execution. CVSS 3.1 base ...

9.8CVSS9.8AI score0.01834EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/09/29 11:37 a.m.30 views

CVE-2022-40475

TOTOLINK A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi...

10AI score0.03505EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2022/09/15 12:15 p.m.602 views

Exploit for Path Traversal in Apache Http_Server

Apache 2.4.50 - Path Traversal or Remote Code Execution cve-20...

9.8CVSS9.4AI score0.99964EPSS
Exploits62
GithubExploit
GithubExploit
added 2022/09/15 11:28 a.m.1675 views

Exploit for Path Traversal in Apache Http_Server

Apache 2.4.50 - Path Traversal or Remote Code Execution cve-20...

9.8CVSS9.4AI score0.99964EPSS
Exploits62
CVE
CVE
added 2022/08/30 3:7 p.m.63 views

CVE-2022-36552

CVE-2022-36552 affects Tenda AC6 (AC1200) with v5.0 firmware

7.5CVSS7.4AI score0.00742EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/08/29 9:15 p.m.20 views

CVE-2022-32993

TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh...

9.8CVSS0.00833EPSS
Exploits0References2
NVD
NVD
added 2022/08/29 6:15 a.m.36 views

CVE-2022-32548

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field...

10CVSS0.33795EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/08/28 12:0 a.m.5 views

PT-2022-7699

Name of the Vulnerable Software and Affected Versions D-Link GO-RT-AC750 versions GORTAC750 revA v101b03 through GO-RT-AC750 revB FWv200b02 Description The issue is related to the hnap main function of the D-Link GO-RT-AC750 router's firmware, which fails to neutralize special elements used in an...

10CVSS9.9AI score0.10327EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2022/08/15 12:0 a.m.7 views

PT-2022-23447 · D Link · D-Link Go-Rt-Ac750

Name of the Vulnerable Software and Affected Versions: D-Link GO-RT-AC750 versions GORTAC750 revA v101b03 through GO-RT-AC750 revB FWv200b02 Description: The issue concerns an authentication bypass. It is related to the function phpcgi main in cgibin. Recommendations: For D-Link GO-RT-AC750 versi...

7.5CVSS7.6AI score0.01334EPSS
Exploits0References5
Prion
Prion
added 2022/07/25 10:15 p.m.21 views

Cross site request forgery (csrf)

A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request...

5CVSS7.7AI score0.02995EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2022/07/20 12:15 p.m.27 views

CVE-2022-2487

A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument starthour leads to os command injection. The exploit has been disclosed to the public and may be us...

9.8CVSS0.79513EPSS
Exploits1References2
Prion
Prion
added 2022/07/20 12:15 p.m.15 views

Command injection

A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument starthour leads to os command injection. The exploit has been disclosed to the public and may be us...

7.5CVSS9.8AI score0.79513EPSS
Exploits1References2
Rows per page
Query Builder