D-Link DIR-816 A2 Security Vulnerability
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2AdvanceSetup.cgi. An attacker can exploit this vulnerability to set the 2.4...
D-Link DIR-816 A2 Security Vulnerability
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2LocalAclEditcfg.cgi. An attacker can exploit this vulnerability to be able ...
PT-2025-49184
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.7 through 2.4.65 Description: A flaw exists in Apache HTTP Server where a bypass of mod_userdir+suexec is possible via the AllowOverride FileInfo functionality. Individuals with the ability to utilize the...
CVE-2024-12828
Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The...
CVE-2024-12828 Webmin CGI Command Injection Remote Code Execution Vulnerability
Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The...
CVE-2024-12828
CVE-2024-12828 affects Webmin CGI handling, where unsanitized user input in CGI requests leads to command injection and remote code execution in the root context. The issue arises from improper validation before executing system calls. Public sources (including NVD, OSV, CIRCL, and related adviso...
PT-2025-2006 · D Link · D-Link Dir-816
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10CNB05 R1B011D88210 Description: A critical issue has been found in the ACL Handler component, specifically affecting an unknown part of the file /goform/form2LocalAclEditcfg.cgi. This issue leads to improper acce...
The vulnerability of the Webmin CGI request handler allows a hacker to execute arbitrary code with root privileges.
The vulnerability of the Webmin CGI request handler relates to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges remotely...
The vulnerability of the v2x00.cgi web interface of the DrayTek Vigor router software allows an attacker to trigger a Denial-of-Service Attack (DoS).
The vulnerability of the v2x00.cgi web interface of the DrayTek Vigor router software lies in the buffer overflow that occurs during the processing of the saveVPNProfile parameter. Exploiting this vulnerability allows a malicious actor to trigger a Denial-of-Service attack from a remote location...
The vulnerability in the inetipv6.cgi web interface of the DrayTek Vigor router software allows an attacker to trigger a Denial-of-Service Attack (DoS).
The vulnerability in the SSLapp.cgi web interface of the DrayTek Vigor router software lies in the overflow of buffers on the stack during the processing of the sIpv6AiccuUser parameter. Exploiting this vulnerability allows a remote attacker to trigger a Denial-of-Service attack...
Webmin CGI Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied...
VulnCheck KEV: CVE-2023-52163
Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via timetzsetup.cgi...
RockyLinux 9 : php:8.2 (RLSA-2024:10949)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10949 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: password_verify can erroneously return true, opening ATO risk...
TOTOLINK EX1800T cstecgi.cgi sub_40662C stack overflow vulnerability
The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1800T cstecgi.cgi sub_40662C suffers from a stack overflow vulnerability that originates from the failure of the ssid parameter of the sub_40662C function of the /cgi-bin/cstecgi.cgi file to...
RHEL 8 : php:8.2 (RHSA-2024:10951)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:10951 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: host/secure cookie bypass due to...
CVE-2024-12352 TOTOLINK EX1800T cstecgi.cgi sub_40662C stack-based overflow
A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The...
The vulnerability of the cgi-bin/ocap/ component of the AbsysNet library system allows a hacker to execute an attack using brute-force methods.
The vulnerability of the cgi-bin/ocap/ component of the AbsysNet library system is related to the ability to bypass authentication by using a user-controlled password. Exploiting this vulnerability could allow an attacker operating remotely to execute a brute-force attack...
VulnCheck KEV: CVE-2022-23900
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi...
The vulnerability in the cgi-bin/cstecgi.cgi script of the TOTOLINK X18 Wi-Fi router’s software allows a hacker to execute arbitrary commands.
The vulnerability in the cgi-bin/cstecgi.cgi script of the TOTOLINK X18 Wi-Fi router software is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...