EUVD-2021-8111

Malicious code in bioql PyPI...

CVE-2024-42061

A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...

CVE-2023-37929

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50ABPM.8C0 could allow an authenticated remote attacker to cause denial of service DoS conditions by sending a crafted HTTP request to a vulnerable device...

CVE-2022-43391

A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15ACCC.3C0, which could allow an authenticated attacker to cause denial-of-service DoS conditions by sending a crafted HTTP request...

CVE-2021-23139

A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations...

CVE-2020-35769

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program...

CVE-2008-4560

HP OpenView Network Node Manager OV NNM 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via 1 a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or 2 a crafted parameter in a request to the ovlaunch.exe CGI program,...

CVE-1999-0236

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs...

CVE-1999-0605

An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information...

CVE-1999-0264

htmlscript CGI program allows remote read access to files...

Zyxel DSL CPE OS Command Injection Vulnerability

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request...

PT-2025-2603 · Zyxel · Zyxel Vmg4325-B10A

Name of the Vulnerable Software and Affected Versions: Zyxel VMG4325-B10A firmware version 1.00AAFR.4C0 20170615 Description: A post-authentication command injection issue in the CGI program could allow an authenticated attacker to execute operating system commands on an affected device by sendin...

CVE-2024-8882

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service DoS conditions via a crafted URL...

PT-2024-8145 · Zyxel · Zyxel Gs1900-48

Name of the Vulnerable Software and Affected Versions: Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier Description: A buffer overflow vulnerability in the CGI program could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service DoS...

PT-2024-6387 · Zyxel · Zyxel Nas326 +1

Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions through V5.21AAZF.18C0 Zyxel NAS542 versions through V5.21ABAG.15C0 Description: A command injection vulnerability in the export-cgi program of Zyxel NAS326 and NAS542 firmware could allow an unauthenticated attacker to...

Zyxel USG FLEX 4.50 < 5.39 / ATP 4.32 < 5.39 Multiple Vulnerabilities

The Firmware version of the Zyxel USG / ATP device is affected by multiple vulnerabilities: - A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series...

Zyxel USG FLEX 4.16 < 5.39 Multiple Vulnerabilities

The Firmware version of the Zyxel USG FLEX device is affected by multiple vulnerabilities: - A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series...

CVE-2024-42061

A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...

CVE-2024-6343

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16 through...

CVE-2024-7261

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70ABVT.4 and earlier, WAC500 firmware version 6.70ABVS.4 and earlier, WAX655E firmware version 7.00ACDO.1 and earlier, WBE530 firmware version 7.00ACLE.1 and earlier,...