9786 matches found
CVE-1999-0947
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters...
CVE-1999-0753
The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories...
CVE-1999-0609
An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information...
CVE-1999-0174
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack...
CVE-1999-0264
htmlscript CGI program allows remote read access to files...
CVE-1999-0237
Remote execution of arbitrary commands through Guestbook CGI program...
CVE-1999-0173
FormMail CGI program can be used by web servers other than the host server that the program resides on...
CVE-1999-0066
AnyForm CGI remote execution...
CVE-1999-0039
webdist CGI program webdist.cgi in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter...
CVE-2025-44881
A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input...
TOTOLINK N300RH injection vulnerability
TOTOLINK N300RH is a long-range wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N300RH suffers from a command injection vulnerability that stems from the failure of the url parameter in the file /cgi-bin/cstecgi.cgi to correctly filter special characters in constructed commands,...
Fixed in Apache Tomcat 11.0.7
Low: CGI security constraint bypass (CVE-2025-46701). When running on a case-insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it was possible to bypass those security constraints with a specially crafted URL. This was...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1539)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. (CVE-2025-272...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1538)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. (CVE-2025-272...
Fixed in Apache Tomcat 9.0.105
Low: CGI security constraint bypass (CVE-2025-46701). When running on a case-insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it was possible to bypass those security constraints with a specially crafted URL. This was...
Fixed in Apache Tomcat 10.1.41
Low: CGI security constraint bypass (CVE-2025-46701). When running on a case-insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it was possible to bypass those security constraints with a specially crafted URL. This was...
CVE-2025-4496
A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buff...
VulnCheck KEV: CVE-2019-20074
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page...
AlmaLinux 9 : ruby:3.1 (ALSA-2025:4488)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:4488 advisory. rexml: DoS vulnerability in REXML (CVE-2024-39908); rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace characte...
CVE-2025-4271
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attac...