VulnCheck KEV: CVE-2009-2765
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI...
VulnCheck KEV: CVE-2009-5156
An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string...
CVE-2009-5156
An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string...
CVE-2009-5156
CVE-2009-5156 affects ASMAX AR-804gu devices running 66.34.1. The issue is a Command Injection vulnerability via the cgi-bin/script query string. The available connected documents confirm the affected product and the vulnerability class but do not provide exploit vectors, in-the-wild status, or r...
CVE-2019-12771
Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring...
Deltek Maconomy 2.2.5 Local File Inclusion Vulnerability
Exploit for cgi platform in category web applications Exploit Title: Maconomy Erp local file include Exploit Author: JameelNabbo Website: jameelnabbo.com Vendor Homepage: https://www.deltek.com Software Link: https://www.deltek.com/en-gb/products/project-erp/maconomy CVE: CVE-2019-12314 POC: POC:...
CVE-2019-12314
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.WMCS/ PATHINFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.WMCS/etc/passwd URI...
Command injection
Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution as root, starting from a low-privilege user session vulnerability. The cgi-bin/webfilemgr.cgi file allows arbitrary file write by...
Cross site request forgery (csrf)
JioFi 4 jmr1140 AmtelJMR1140R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmapauth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset...
Design/Logic Flaw
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...
JioFi 4G M2S 1.0.2 Denial Of Service
Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices allows a DoS Hang via the mask POST parameter Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...
Exploit for OS Command Injection in Apache Tomcat
CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows -...
CVE-2018-17989
A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/NewGUI/Acl.asp" is request...
CVE-2018-17563
A Malformed Input String to /cgi-bin/api-getlinestatus on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext...
Input validation
A Malformed Input String to /cgi-bin/api-getlinestatus on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext...
CVE-2019-6967
AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF...
Design/Logic Flaw
cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices allows a DoS Hang via the mask POST parameter...
CVE-2019-7440
Affected product: JioFi 4G M2S 1.0.2. Vulnerability: Cross-Site Request Forgery (CSRF) via the SSID name and Security Key field in Edit Wi‑Fi Settings (SetWiFi_Setting to cgi-bin/qcmap_web_cgi). Root cause: HTTP requests processed without proper validity checks enabling state-changing actions. Im...