CVE-2023-5746

A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500...

CVE-2023-33274

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...

CVE-2022-43391

A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15ACCC.3C0, which could allow an authenticated attacker to cause denial-of-service DoS conditions by sending a crafted HTTP request...

CVE-2022-30489

WAVLINK WN535 G3 was discovered to contain a cross-site scripting XSS vulnerability via the hostname parameter at /cgi-bin/login.cgi...

CVE-2022-40712

An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2 endpoints...

CVE-2022-36456

TOTOLink A720R V4.1.5cu.532B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi...

CVE-2022-37134

D-link DIR-816 A2v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tpusrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tpusrname, resulting in stack overflow...

CVE-2022-44038

Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component...

CVE-2022-45925

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...

CVE-2021-20038

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's modcgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware...

CVE-2021-39243

Cross-Site Request Forgery CSRF exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX51...

CVE-2021-20167

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter...

CVE-2021-40380

An issue was discovered on Compro IP70 2.087130218, IP570 2.087130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials...

CVE-2021-30454

An issue was discovered in the outercgi crate before 0.2.1 for Rust. A user-provided Read instance receives an uninitialized memory buffer from KeyValueReader...

CVE-2021-26475

EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI...

CVE-2021-23139

A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations...

CVE-2020-6954

An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a mediafolder.cgi?applymode=pingserver URI...

CVE-2020-35769

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program...

CVE-2020-13886

Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal...

CVE-2020-21142

Cross Site Scripting XSS vulnerabilty in IPFire 2.23 via the IPfire web UI in the mail.cgi...