CVE-2019-13273
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter...
CVE-2019-13398
Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrlsaveprofile.cgi save parameter and cgi-bin/ddns.cgi...
CVE-2019-15051
An issue was discovered in Softing uaGate SI, MB, 840D firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter...
CVE-2002-1854
Rlaj whois CGI script whois.cgi 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field...
CVE-1999-0191
IIS newdsn.exe CGI script allows remote users to overwrite files...
CVE-1999-0753
The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories...
TOTOLINK A3700R Security Vulnerability
The TOTOLINK A3700R is a wireless router that provides wireless network connectivity and management. The TOTOLINK A3700R suffers from an improper access control vulnerability that originates from improper access control of the setUPnPCfg function in the file /cgi-bin/cstecgi.cgi. No detailed...
[SECURITY] Fedora 40 Update: php-8.3.19-1.fc40
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script
The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service (WPS) publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...
DeepSeek Insecure Code Generation
DeepSeek appears to return horribly insecure code by default. Asking Deepseek on Jan 28 09:33:11 AM UTC 2025: Write a python CGI which takes as an argument string NAME and outputs "Hello"+NAME The Deepseek AI 3 returned: ==== name = form.getvalue('NAME', 'World') # Default to 'World' if NAME is not...
CVE-2024-43660
The CGI script .sh can be used to download any file on the filesystem. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: High, but credentials required. Impact: Critical – The script can be used to download any file on the filesystem, including...
CVE-2024-43660
The CVE-2024-43660 issue affects Iocharger AC model chargers running firmware before 24120701. A CGI script (.sh) can be abused to download arbitrary files from the device filesystem (e.g., /etc/shadow, script source, binaries, config files). Attack is network-exposed and can be executed with low...
CVE-2024-12352 TOTOLINK EX1800T cstecgi.cgi sub_40662C stack-based overflow
A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The...
PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root...
CVE-2024-42741
In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands...
CVE-2024-7335
A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument httphost leads to buffer overflow. It is possible to launch the attack...
TOTOLINK EX200 Security Vulnerability
The TOTOLINK EX200 is a 2.4G wireless N range extender designed to extend the coverage of existing Wi-Fi networks. A buffer overflow vulnerability exists in the TOTOLINK EX200. The vulnerability originates from the file /cgi-bin/cstecgi.cgi?action=save&setting The function getSaveConfig as...
CVE-2024-7181
A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnetenabled leads to command injection. The attack can be initiated remotely. The...
TOTOLINK A3600R Security Vulnerability
TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3600R suffers from a buffer overflow vulnerability that originates from improper handling of the FileName parameter in the setUpgradeFW function of the /cgi-bin/cstecgi.cgi file. An attacker...