
9792 matches found

CNNVD
added 2025/01/02 12:0 a.m. · 3 views

D-Link DIR-816 A2 security vulnerability

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2AdvanceSetup.cgi. An attacker can exploit this vulnerability to set the 2.4...

CVSS 6.9 · AI score 6.8 · EPSS 0.00725
Exploits 0 · References 5

CNNVD
added 2025/01/02 12:0 a.m. · 4 views

D-Link DIR-816 A2 security vulnerability

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2LocalAclEditcfg.cgi. An attacker can exploit this vulnerability to be able ...

CVSS 6.9 · AI score 6.6 · EPSS 0.01067
Exploits 0 · References 5

Positive Technologies
added 2025/01/01 12:0 a.m. · 3 views

PT-2025-49184

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.7 through 2.4.65 Description: A flaw exists in Apache HTTP Server where a bypass of mod_userdir+suexec is possible via the AllowOverride FileInfo functionality. Individuals with the ability to utilize the...

CVSS 5.5 · AI score 6.8 · EPSS 0.00569
Exploits 0 · References 121

NVD
added 2024/12/30 5:15 p.m. · 18 views

CVE-2024-12828

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The...

CVSS 9.9 · EPSS 0.32018
Exploits 0 · References 2

Cvelist
added 2024/12/30 4:48 p.m. · 27 views

CVE-2024-12828 Webmin CGI Command Injection Remote Code Execution Vulnerability

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The...

CVSS 9.9 · EPSS 0.32018
Exploits 0 · References 2

Vulnrichment
added 2024/12/30 4:48 p.m. · 13 views

CVE-2024-12828 Webmin CGI Command Injection Remote Code Execution Vulnerability

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The...

CVSS 9.9 · AI score 9.9 · EPSS 0.32018
Exploits 0 · References 2

CVE
added 2024/12/30 4:48 p.m. · 147 views

CVE-2024-12828

CVE-2024-12828 affects Webmin CGI handling, where unsanitized user input in CGI requests leads to command injection and remote code execution in the root context. The issue arises from improper validation before executing system calls. Public sources (including NVD, OSV, CIRCL, and related adviso...

CVSS 9.9 · AI score 9.9 · EPSS 0.32018
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/12/30 12:0 a.m. · 5 views

PT-2025-2006 · D Link · D-Link Dir-816

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10CNB05 R1B011D88210 Description: A critical issue has been found in the ACL Handler component, specifically affecting an unknown part of the file /goform/form2LocalAclEditcfg.cgi. This issue leads to improper acce...

CVSS 6.9 · AI score 6.6 · EPSS 0.01067
Exploits 0 · References 10

BDU FSTEC
added 2024/12/27 12:0 a.m. · 7 views

The vulnerability of the Webmin CGI request handler allows a hacker to execute arbitrary code with root privileges.

The vulnerability of the Webmin CGI request handler relates to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges remotely...

CVSS 9.9 · AI score 8.5 · EPSS 0.32018
Exploits 0 · References 8 · Affected Software 1

BDU FSTEC
added 2024/12/23 12:0 a.m. · 4 views

The vulnerability of the v2x00.cgi web interface of the DrayTek Vigor router software allows an attacker to trigger a Denial-of-Service (DoS) attack.

The vulnerability of the v2x00.cgi web interface of the DrayTek Vigor router software lies in the buffer overflow that occurs during the processing of the saveVPNProfile parameter. Exploiting this vulnerability allows a malicious actor to trigger a Denial-of-Service attack from a remote location...

CVSS 7.8 · AI score 5.8 · EPSS 0.0045
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2024/12/23 12:0 a.m. · 4 views

The vulnerability in the inetipv6.cgi web interface of the DrayTek Vigor router software allows an attacker to trigger a Denial-of-Service (DoS) attack.

The vulnerability in the SSLapp.cgi web interface of the DrayTek Vigor router software lies in the overflow of buffers on the stack during the processing of the sIpv6AiccuUser parameter. Exploiting this vulnerability allows a remote attacker to trigger a Denial-of-Service attack...

CVSS 7.8 · AI score 5.6 · EPSS 0.0045
Exploits 0 · References 3 · Affected Software 1

Zero Day Initiative
added 2024/12/20 12:0 a.m. · 9 views

Webmin CGI Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied...

CVSS 9.9 · AI score 7.6 · EPSS 0.32018
Exploits 0 · References 1

VulnCheck KEV
added 2024/12/19 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2023-52163

Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via timetzsetup.cgi...

CVSS 8.8 · AI score 7.3 · EPSS 0.96285
Exploits 1 · References 1

Tenable Nessus
added 2024/12/19 12:0 a.m. · 23 views

RockyLinux 9 : php:8.2 (RLSA-2024:10949)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10949 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix (CVE-2024-2756) php: password_verify can erroneously return true, opening ATO risk...

CVSS 7.5 · AI score 7.2 · EPSS 0.49336
Exploits 7 · References 13

CNVD
added 2024/12/13 12:0 a.m. · 6 views

TOTOLINK EX1800T cstecgi.cgi sub_40662C stack overflow vulnerability

The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1800T cstecgi.cgi sub_40662C suffers from a stack overflow vulnerability that originates from the failure of the ssid parameter of the sub_40662C function of the /cgi-bin/cstecgi.cgi file to...

CVSS 9.8 · AI score 8.2 · EPSS 0.00702
Exploits 0 · References 1

Tenable Nessus
added 2024/12/11 12:0 a.m. · 25 views

RHEL 8 : php:8.2 (RHSA-2024:10951)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:10951 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: host/secure cookie bypass due to...

CVSS 7.5 · AI score 7.2 · EPSS 0.49336
Exploits 7 · References 16

Cvelist
added 2024/12/09 1:0 a.m. · 41 views

CVE-2024-12352 TOTOLINK EX1800T cstecgi.cgi sub_40662C stack-based overflow

A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The...

CVSS 5.3 · EPSS 0.00702
Exploits 0 · References 5

BDU FSTEC
added 2024/12/06 12:0 a.m. · 5 views

The vulnerability of the cgi-bin/ocap/ component of the AbsysNet library system allows a hacker to execute an attack using brute-force methods.

The vulnerability of the cgi-bin/ocap/ component of the AbsysNet library system is related to the ability to bypass authentication by using a user-controlled password. Exploiting this vulnerability could allow an attacker operating remotely to execute a brute-force attack...

CVSS 7.8 · AI score 5.6 · EPSS 0.0087
Exploits 1 · References 4 · Affected Software 1

VulnCheck KEV
added 2024/12/05 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2022-23900

A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi...

CVSS 9.8 · AI score 6.4 · EPSS 0.03566
Exploits 1 · References 1

BDU FSTEC
added 2024/12/04 12:0 a.m. · 3 views

The vulnerability in the cgi-bin/cstecgi.cgi script of the TOTOLINK X18 Wi-Fi router’s software allows a hacker to execute arbitrary commands.

The vulnerability in the cgi-bin/cstecgi.cgi script of the TOTOLINK X18 Wi-Fi router software is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 6.5 · AI score 6.9 · EPSS 0.03074
Exploits 1 · References 7 · Affected Software 1