328 matches found

Prion
added 2022/01/28 8:15 p.m., 19 views

Cross site request forgery (csrf)

A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 7.8 | AI score 7.4 | EPSS 0.01534
Exploits: 1 | References: 1 | Affected Software: 1
Talos
added 2022/01/26 12:0 a.m., 68 views

Reolink RLC-410W cgiserver.cgi cgi_check_ability improper access control vulnerabilities

Summary: Multiple incorrect default permissions vulnerabilities exist in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Teste...

CVSS 7.1 | AI score 7 | EPSS 0.0082
Exploits: 2
BDU FSTEC
added 2021/12/01 12:0 a.m., 2 views

The vulnerability of the WEB_CmdFileList() function implementation in D-Link DAP-2020 wireless access points allows an intruder to execute arbitrary code.

The vulnerability of the WEB_CmdFileList function implementation in D-Link DAP-2020 wireless access points relates to the lack of measures taken to neutralize special elements used in operating system commands when processing CGI scripts. Exploiting this vulnerability can allow an attacker to...

CVSS 8.8 | AI score 8 | EPSS 0.05089
Exploits: 0 | References: 6 | Affected Software: 1
GithubExploit
added 2021/10/07 12:14 a.m., 487 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 Playground: This is a small Docker recipe for...

CVSS 7.5 | AI score 9.4 | EPSS 0.99992
Exploits: 148
BDU FSTEC
added 2021/09/29 12:0 a.m., 5 views

The vulnerability of the cgi/networkDiag.cgi implementation of the SureLine aircraft monitoring application, which allows a violator to execute arbitrary commands

The vulnerability of the cgi/networkDiag.cgi implementation of the SureLine monitoring application exists because measures are not taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...

CVSS 10 | AI score 8.4 | EPSS 0.97599
Exploits: 1 | References: 6 | Affected Software: 1
CNNVD
added 2021/06/17 12:0 a.m., 3 views

Synology Media Server code issue vulnerability

Synology Media Server provides multimedia services for browsing and playing multimedia contents in Synology NAS via DLNA/UPnP home devices. A server-side request forgery vulnerability exists in the cgi component of Synology Media Server versions prior to 1.8.3-2881. A remote attacker can exploit...

CVSS 5.8 | AI score 5.6 | EPSS 0.01016
Exploits: 0 | References: 2
Saint
added 2021/05/24 12:0 a.m., 29 views

ZeroShell kerbynet remote command execution

Added: 05/24/2021. Background: Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem: A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...

AI score 8.7
Exploits: 0
OSV
added 2021/04/14 4:15 p.m., 1 views

CVE-2021-27253

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

CVSS 8.8 | AI score 6.1
Exploits: 0 | References: 2
Cvelist
added 2021/04/12 10:49 a.m., 24 views

CVE-2020-24285

INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx...

AI score 7.3 | EPSS 0.03943
Exploits: 1 | References: 2
BDU FSTEC
added 2021/01/13 12:0 a.m., 3 views

The vulnerability of the do_cgi() function in D-Link DSL-2640B router software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the do_cgi function in D-Link DSL-2640B router software arises due to an overflow in the stack buffer. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 9 | AI score 7.7 | EPSS 0.02601
Exploits: 1 | References: 3
ATTACKERKB
added 2020/12/18 12:0 a.m., 318 views

CVE-2020-25494

Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. Recent assessments: gwillcox-r7 at October 15, 2021 3:45pm UTC reported: This is now being exploited in the wild by the Necro...

CVSS 9.8 | AI score 9.8 | EPSS 0.39193
In wild | Exploits: 3 | References: 3
OpenVAS
added 2020/05/26 12:0 a.m., 66 views

Huawei Data Communication: A CGI application vulnerability in Some Huawei Products (huawei-sa-20171129-01-httpproxy)

Some open source software used by Huawei does not attempt to address RFC 3875 section 4.1.18 namespace conflicts. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

CVSS 8.1 | AI score 8 | EPSS 0.0524
Exploits: 0 | References: 1
OSV
added 2020/04/20 11:15 p.m., 4 views

CVE-2020-9276

An issue was discovered on D-Link DSL-2640B B2 EU4.01B devices. The function do_cgi, which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with...

CVSS 8.8 | AI score 7.8 | EPSS 0.02601
Exploits: 1 | References: 3
Kitploit
added 2020/03/19 11:30 a.m., 987 views

xShock - Shellshock Exploit

xShock ShellShock CVE-2014-6271 This tool exploits shellshock. Written by Hulya Karabag Version 1.0.0 Instagram: Capture the Root Screenshots...

CVSS 9.8 | AI score 10 | EPSS 0.99999
Exploits: 130 | References: 2
OSV
added 2020/01/06 6:15 a.m., 4 views

CVE-2019-5990

Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allow remote attackers to obtain a login password via HTTP referer...

CVSS 7.5 | AI score 6.8 | EPSS 0.01262
Exploits: 0 | References: 2
Positive Technologies
added 2019/12/19 12:0 a.m., 5 views

PT-2019-18624 · Sonicwall · Sonicwall Sma100

Name of the Vulnerable Software and Affected Versions: SonicWall SMA100 (affected versions not specified). Description: The issue is related to an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI, which allows users to test for the presence of a file on the server...

CVSS 7.5 | AI score 6.6 | EPSS 0.03977
Exploits: 0 | References: 3
CERT
added 2019/10/23 12:0 a.m., 61 views

Multiple D-Link routers vulnerable to remote command execution

Overview: Multiple D-Link routers are vulnerable to unauthenticated remote command execution. Description: Several D-Link routers contain CGI capability that is exposed to users as /applysec.cgi, and dispatched on the device by the binary /www/cgi/ssi. This CGI code contains two flaws: 1. The...

CVSS 10 | AI score 9.6 | EPSS 0.99996
Exploits: 5 | References: 3
NVD
added 2019/07/03 5:15 p.m., 18 views

CVE-2017-6900

An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to...

CVSS 10 | AI score 9 | EPSS 0.02625
Exploits: 0 | References: 2
Openbugbounty
added 2018/09/24 11:47 a.m., 6 views

blog.techdex.net XSS vulnerability

Open Bug Bounty ID: OBB-679658
Affected Website: blog.techdex.net
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1...

Exploits: 0
Openbugbounty
added 2018/07/03 6:40 p.m., 6 views

us.illinois.net XSS vulnerability

Open Bug Bounty ID: OBB-639944
Affected Website: us.illinois.net
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1...

Exploits: 0