730 matches found

CVE
added 2019/08/27 4:49 p.m. | 121 views

CVE-2019-13274

In CVE-2019-13274, the affected software is Xymon up to version 4.3.28, where the csvinfo CGI script is vulnerable due to insufficient filtering of the db parameter, enabling a cross-site scripting (XSS) issue. The connected sources consistently describe the vulnerability and its presence in Xymo...

6.1 CVSS | 7.2 AI score | 0.00248 EPSS
Exploits 0 | References 2 | Affected Software 1
NVD
added 2019/08/22 5:15 p.m. | 12 views

CVE-2019-7617

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...

7.2 CVSS | 6.9 AI score | 0.00211 EPSS
Exploits 0 | References 2
OSV
added 2019/08/22 5:15 p.m. | 18 views

PYSEC-2019-178

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...

7.2 CVSS | 2.9 AI score | 0.00211 EPSS
Exploits 0 | References 2
Packet Storm
added 2019/08/11 12:0 a.m. | 330 views

Mitel 6869i Voip Deskphone 4.2.2032 Command Injection

BlueBox Security http://www.bluebox-security.de/ securityatbluebox-security.de bbs-2019.001.txt 08-August-2019 Vendor: Mitel Affected Products: Mitel 6869i Voip Deskphone Version 4.2.2032 - SIP Not Affected: unknown Vulnerability: Mitel 6869i SIP Deskphone 4.2.2032: Unauthenticated Bash Command...

0.6 AI score
Exploits 0
NVD
added 2019/07/08 1:15 a.m. | 10 views

CVE-2019-13398

Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi save parameter and cgi-bin/ddns.cgi...

9 CVSS | 7.5 AI score | 0.03173 EPSS
Exploits 1 | References 1
Prion
added 2019/07/08 1:15 a.m. | 12 views

Sql injection

Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi save parameter and cgi-bin/ddns.cgi...

9 CVSS | 7.4 AI score | 0.03173 EPSS
Exploits 1 | References 1 | Affected Software 1
CVE
added 2019/07/08 12:1 a.m. | 40 views

CVE-2019-13398

CVE-2019-13398 affects Dynacolor FCM-MB40 v1.2.0.0 devices. The vulnerability is a command-injection flaw in CGI scripts (cgi-bin/camctrl_save_profile.cgi and cgi-bin/ddns.cgi) that allows a remote attacker to execute arbitrary commands by supplying crafted parameters. This stems from unsafe inpu...

9 CVSS | 7.5 AI score | 0.03173 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2019/07/08 12:1 a.m. | 14 views

CVE-2019-13398

Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi save parameter and cgi-bin/ddns.cgi...

7.5 AI score | 0.03173 EPSS
Exploits 1 | References 1
Tenable Nessus
added 2019/07/03 12:0 a.m. | 40 views

Citrix SD-WAN Appliance < 10.2.3 Unauthenticated Blind SQL Injection

The remote Citrix SD-WAN Appliance is affected by an SQL injection vulnerability due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue to inject or manipulate SQL queries in the back-end database, resulting in the manipulation of arbitrary...

9.8 CVSS | 8.7 AI score | 0.9152 EPSS
Exploits 6 | References 3
Prion
added 2019/06/11 9:29 p.m. | 12 views

Command injection

An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string...

10 CVSS | 7.7 AI score | 0.12083 EPSS
Exploits 1 | References 2 | Affected Software 1
Packet Storm
added 2019/02/05 12:0 a.m. | 81 views

devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Remote Code Execution

devolo dLAN 550 duo+ Starter Kit Remote Code Execution Vendor: devolo AG Product web page: https://www.devolo.com Affected version: dLAN 500 AV Wireless+ 3.1.0-1 i386 Summary: Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter which is a cost-effective and helpful networking alternative for a...

7.4 AI score
Exploits 0
Packet Storm
added 2018/12/07 12:0 a.m. | 301 views

FutureNet NXR-G240 Series ShellShock Command Injection

-- coding: utf-8 -- Title: FutureNet NXR-G240 Series - "ShellShock" Remote Command Injection Date: 2018-06-12 Author: Nassim Asrir You have a Q ? Contact me at: https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: http://www.centurysys.co.jp/ CVE: CVE-2014-6271 Greetz to : Nadia BENCHIKHA...

10 CVSS | 0.4 AI score | 0.9422 EPSS
Exploits 130
Fedora
added 2018/09/07 4:17 p.m. | 26 views

[SECURITY] Fedora 28 Update: mod_perl-2.0.10-11.fc28

Mod_perl incorporates a Perl interpreter into the Apache web server, so that the Apache web server can directly execute Perl code. Mod_perl links the Perl run-time library into the Apache web server and provides an object-oriented Perl interface for Apache's C language API. The end result is a...

10 CVSS | 1.9 AI score | 0.03454 EPSS
Exploits 0
Fedora
added 2018/09/07 3:25 p.m. | 27 views

[SECURITY] Fedora 27 Update: mod_perl-2.0.10-9.fc27

Mod_perl incorporates a Perl interpreter into the Apache web server, so that the Apache web server can directly execute Perl code. Mod_perl links the Perl run-time library into the Apache web server and provides an object-oriented Perl interface for Apache's C language API. The end result is a...

10 CVSS | 1.9 AI score | 0.03454 EPSS
Exploits 0
Openbugbounty
added 2018/06/14 12:2 a.m. | 18 views

pinger.unesp.br Improper Access Control vulnerability

Open Bug Bounty ID: OBB-631745

Description| Value
---|---
Affected Website:| pinger.unesp.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| IAC Improper Access Control / CWE-284
CVSSv3 Score:| 6.5...

Exploits 0
Openbugbounty
added 2018/06/07 8:40 a.m. | 13 views

waad.org.lb XSS vulnerability

Open Bug Bounty ID: OBB-628486

Description| Value
---|---
Affected Website:| waad.org.lb
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Exploits 0
Openbugbounty
added 2018/04/08 11:0 a.m. | 10 views

site.sourceoflight.net XSS vulnerability

Open Bug Bounty ID: OBB-599021

Description| Value
---|---
Affected Website:| site.sourceoflight.net
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Exploits 0
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m. | 39 views

JVN#96655441: QQQ SYSTEMS vulnerable to cross-site scripting

QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quizop.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on the user...

6.1 CVSS | 6 AI score | 0.00211 EPSS
Exploits 0
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m. | 45 views

JVN#64990648: QQQ SYSTEMS vulnerable to cross-site scripting

QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quiz.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on the user's...

6.1 CVSS | 6 AI score | 0.00211 EPSS
Exploits 0
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m. | 54 views

JVN#22536871: QQQ SYSTEMS vulnerable to arbitrary command injection

QQQ SYSTEMS provided by Gundam Cult QQQ is a perl CGI script to create quiz pages. QQQ SYSTEMS contains an OS command injection vulnerability CWE-78. Impact An attacker may execute an arbitrary OS command with the web server's execution privilege. Solution Consider stop using QQQ SYSTEMS 2.24 Sinc...

10 CVSS | 9.8 AI score | 0.00511 EPSS
Exploits 0