VulnCheck KEV: CVE-2006-4000
Directory traversal vulnerability in cgi-bin/previewemail.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter...
CVE-2019-18993
OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI. This can occur, for example, on a TP-Link Archer C7 device...
CVE-2019-18993
OpenWrt 18.06.4 is affected by a stored/reflected XSS vulnerability in the web UI, allowing an attacker to inject scripts via the New port forward Name field targeting the cgi-bin/luci/admin/network/firewall/forwards URI (e.g., on TP-Link Archer C7). The issue stems from insufficient input valida...
CVE-2019-15072
The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail systems of governments, organizations, companies and universities...
Openfind MAIL2000 /cgi-bin/portal Login Function Cross-Site Scripting Vulnerability
Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in the login function of /cgi-bin/portal in Openfind Mail2000 versions 6.0 and earlier and 7.0 and earlier. The vulnerability stems from a lack of proper validation of client data by the web application. A...
Openfind Mail2000 /cgi-bin/go page cross-site scripting vulnerability
Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in the /cgi-bin/go page in Openfind MAIL2000 versions 6.0 and earlier and 7.0 and earlier. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker c...
CVE-2019-19117
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2PSG1218 V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter...
Xfilesharing 2.5.1 - Arbitrary File Upload
Xfilesharing 2.5.1 - Arbitrary File Upload Exploit Title: Xfilesharing 2.5.1 - Arbitrary File Upload Google Dork: inurl:/?op=registration Date: 2019-11-4 Exploit Author: Noman Riffat Vendor Homepage: https://sibsoft.net/xfilesharing.html Version: Shell : http://xyz.com/cgi-bin/temp/joe/shell.php...
CVE-2016-11015
NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.XTWSZ-COMURLFilter.BlackList.1.URL parameter...
Cross site request forgery (csrf)
NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.XTWSZ-COMURLFilter.BlackList.1.URL parameter...
ACTi ACM-5611 Video Camera Remote Command Execution Exploit
Exploit for hardware platform in category web applications. #!/usr/bin/perl ACTi ACM-5611 Video Camera Remote Command Execution Exploit Copyright 2019 (c) Todor Donev Firmware Version = A1D-220-V3.08.08-AC Production ID = ACM5611-08G-X-00485 Factory Default Type = NTSC, Composite, Two Ways Audio 0x71...
Design/Logic Flaw
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh...
Dynacolor FCM-MB40 Cross-Site Request Forgery Vulnerability
Dynacolor FCM-MB40 is an IP camera from Dynacolor, Taiwan, China. A cross-site request forgery vulnerability exists in scripts under cgi-bin/ in the Dynacolor FCM-MB40 v1.2.0.0, which arises from a network system or product that does not adequately verify the origin or authenticity of data, and c...
CVE-2019-13401
Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/...
Cross site request forgery (csrf)
Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/...
CVE-2019-13400
CVE-2019-13400 affects Dynacolor FCM-MB40 v1.2.0.0. The issue arises from storing administrative web-interface credentials in cleartext at /etc/appWeb/appweb.pass, which can be retrieved by accessing cgi-bin/getuserinfo.cgi?mode=info. The vulnerability is evidenced in multiple sources (NVD entry ...
A vulnerability in the D-Link DI-524 router's firmware stems from a lack of measures protecting the structure of web pages, allowing attackers to inject arbitrary JavaScript code into the device's web interface pages.
A vulnerability in the D-Link DI-524 router's firmware exists due to a lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject JavaScript code into the device's web interface pages. The web configuration files,...