766 matches found

CNVD
added 2022/06/09 12:0 a.m. | 23 views

Barco Control Room Cross-Site Scripting Vulnerability

Barco Control Room is a visualization and collaboration solution from Barco, Belgium, used to build control rooms. A cross-site scripting vulnerability exists in the Barco Control Room Management Suite web application prior to version 3.14. The vulnerability stems from the URL parameter of the...

6.1 CVSS | 2 AI score | 0.00513 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2022/06/02 2:15 p.m. | 2 views

CVE-2022-26972

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS...

6.1 CVSS | 5.9 AI score | 0.00513 EPSS
Exploits: 0 | References: 3

OSV
added 2022/06/02 2:15 p.m. | 2 views

CVE-2022-26972

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS...

6.1 CVSS | 6.4 AI score | 0.00513 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2022/05/20 11:23 p.m. | 24 views

CVE-2020-29600

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...

9.8 CVSS | 2 AI score | 0.04352 EPSS
Exploits: 1 | References: 1

OSV
added 2022/05/18 12:15 p.m. | 3 views

CVE-2022-29644

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /webcste/cgi-bin/product.ini...

9.8 CVSS | 5.7 AI score | 0.01458 EPSS
Exploits: 1 | References: 1

CNVD
added 2022/05/17 12:0 a.m. | 22 views

WAVLINK WN535 G3 Cross-Site Scripting Vulnerability

WAVLINK WN535 G3 is a wireless router from WAVLINK China. WAVLINK WN535 G3 suffers from a cross-site scripting vulnerability, which stems from a lack of filtering and escaping of the hostname parameter in /cgi-bin/login.cgi, and can be exploited by attackers to conduct cross-site scripting attack...

4.3 CVSS | 2.6 AI score | 0.03829 EPSS
Exploits: 1

BDU FSTEC
added 2022/05/17 12:0 a.m. | 4 views

A vulnerability in the USERDBDomains.Domainname function in the cgi-bin/platform.cgi file of the NETGEAR ProSafe SSL VPN network interface card’s software allows an attacker to execute arbitrary SQL queries.

The vulnerability in the USERDBDomains.Domainname function in the cgi-bin/platform.cgi file of the NETGEAR ProSafe SSL VPN network interface card’s software is related to the possibility of executing commands. Exploiting this vulnerability could allow a malicious actor to execute arbitrary SQL...

6.5 CVSS | 8.1 AI score | 0.48957 EPSS
Exploits: 1 | References: 5

ATTACKERKB
added 2022/05/13 1:15 p.m. | 4 views

CVE-2022-29383

NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi...

9.8 CVSS | 7.3 AI score | 0.48957 EPSS
Exploits: 1 | References: 4

OSV
added 2022/05/13 1:15 p.m. | 2 views

CVE-2022-29383

NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi...

9.8 CVSS | 7.3 AI score
Exploits: 0 | References: 2

BDU FSTEC
added 2022/05/11 12:0 a.m. | 3 views

A vulnerability in the cgi-bin/webupg component of the D-Link DIR-825AC G1 router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the cgi-bin/webupg component of the D-Link DIR-825AC G1 router firmware is caused by incorrect processing of the cmd parameter. Exploiting this vulnerability allows an attacker to execute arbitrary commands using a specially crafted POST request...

6.3 CVSS | 8.1 AI score | 0.31789 EPSS
Exploits: 1 | References: 5

OSV
added 2022/05/04 1:15 a.m. | 2 views

CVE-2021-43159

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the setSessionTime function in /cgi-bin/luci/api/common...

8.8 CVSS | 7.4 AI score | 0.01905 EPSS
Exploits: 0 | References: 2

Cvelist
added 2022/05/04 12:8 a.m. | 12 views

CVE-2021-43159

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the setSessionTime function in /cgi-bin/luci/api/common...

9.1 AI score | 0.01905 EPSS
Exploits: 0 | References: 2

CVE
added 2022/05/04 12:8 a.m. | 1426 views

CVE-2021-43164

CVE-2021-43164 affects Ruijie RG-EW Series routers running ReyeeOS up to 1.55.1915 / EW_3.0(1)B11P55. The vulnerability is an RCE via the updateVersion function in /cgi-bin/luci/api/wireless, with PoC and public exploit code showing authenticated access can trigger code execution on affected devi...

8.8 CVSS | 8.8 AI score | 0.34947 EPSS
Exploits: 4 | References: 3 | Affected Software: 1

NVD
added 2022/04/25 5:15 a.m. | 13 views

CVE-2021-40680

There is a Directory Traversal vulnerability in Artica Proxy 4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273 via the filename parameter to /cgi-bin/main.cgi...

8.1 CVSS | 0.01235 EPSS
Exploits: 0 | References: 1

CNNVD
added 2022/04/25 12:0 a.m. | 3 views

Artica Proxy Path Traversal Vulnerability

Artica Proxy is an open source Artica proxy solution from Artica France. A security vulnerability exists in Artica Proxy VMWare Appliance 4.30.000000 SP273 and earlier versions and Artica Proxy versions 4.30.000000 SP206 through SP255, which stems from a lack of filtering of the filename paramete...

8.1 CVSS | 7.7 AI score | 0.01235 EPSS
Exploits: 0 | References: 3

OSV
added 2022/03/31 9:15 p.m. | 1 views

CVE-2021-43722

D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnapmain function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size...

9.8 CVSS | 5.8 AI score | 0.03114 EPSS
Exploits: 1 | References: 2

CNVD
added 2022/03/25 12:0 a.m. | 13 views

Tenda M3 Command Injection Vulnerability (CNVD-2022-33114)

Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection, which stems from the failure of the component /cgi-bin/uploadWeiXinPic to properly filter special characters, commands, and similar elements used to construct commands. An attacker could use this vulnerabili...

10 CVSS | 5.6 AI score | 0.02654 EPSS
Exploits: 1 | References: 1

Cvelist
added 2022/03/23 11:25 p.m. | 20 views

CVE-2022-27083

Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic...

10 AI score | 0.02871 EPSS
Exploits: 1 | References: 1

CNNVD
added 2022/03/23 12:0 a.m. | 3 views

Tenda M3 Command Injection Vulnerability

Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection, which stems from the failure of the component /cgi-bin/uploadWeiXinPic to properly filter special characters, commands, and similar elements used to construct commands. An attacker could use this vulnerabili...

10 CVSS | 5.9 AI score | 0.02654 EPSS
Exploits: 1 | References: 3

OSV
added 2022/03/10 5:45 p.m. | 1 views

CVE-2022-24177

A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML...

6.1 CVSS | 6.5 AI score
Exploits: 0 | References: 1