
9786 matches found

Tenable Nessus
added 2024/09/27 12:0 a.m. | 410 views

PHP 8.1.x < 8.1.30 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.1.30. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.30 advisory. - In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations ...

CVSS 9.8 | AI score 8.1 | EPSS 0.99987
Exploits 68 | References 5

OSV
added 2024/09/27 12:0 a.m. | 4 views

UBUNTU-CVE-2024-8927

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

CVSS 7.5 | AI score 6.8 | EPSS 0.01077
Exploits 1 | References 6

Tenable Nessus
added 2024/09/26 12:0 a.m. | 295 views

PHP 8.3.x < 8.3.12 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.3.12. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.12 advisory. - In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations ...

CVSS 9.8 | AI score 8.1 | EPSS 0.99987
Exploits 68 | References 9

BDU FSTEC
added 2024/09/26 12:0 a.m. | 6 views

A vulnerability in the CGI function of the firmware of D-Link routers such as DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 allows attackers to execute arbitrary commands.

The vulnerability in the CGI function of the firmware of D-Link routers such as DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 exists because special elements used in operating system commands are not neutralized. Exploiting this...

CVSS 8.8 | AI score 5.9 | EPSS 0.12441
Exploits 0 | References 3 | Affected Software 7

Tenable Nessus
added 2024/09/26 12:0 a.m. | 120 views

PHP 8.2.x < 8.2.24 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.24. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.24 advisory. - In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations ...

CVSS 9.8 | AI score 8.1 | EPSS 0.99987
Exploits 68 | References 5

FreeBSD
added 2024/09/26 12:0 a.m. | 26 views

php -- Multiple vulnerabilities

php.net reports: CVE-2024-8926: CGI: Fixed bug GHSA-9pqp-7h25-4f32 (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). CVE-2024-8927: CGI: Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). CVE-2024-9026: FPM: Fixed bug...

CVSS 8.8 | AI score 10 | EPSS 0.03686
Exploits 68 | References 1

Packet Storm
added 2024/09/24 12:0 a.m. | 492 views

Traccar 5.12 Remote Code Execution

class MetasploitModule 'Traccar v5 Remote Code Execution CVE-2024-31214 and CVE-2024-24809', 'Description' = %q Remote Code Execution in Traccar v5.1 - v5.12. Remote code execution can be obtained by combining two vulnerabilities: A path traversal vulnerability CVE-2024-24809 and an unrestricted...

CVSS 9.6 | AI score 7.1 | EPSS 0.54413
Exploits 11

Hacker One
added 2024/09/22 7:20 p.m. | 5 views

PortSwigger Web Security: cgi scripts wordlist entry for windmail.exe has payload that sends arbitrary file read result to third-party

The windmail.exe application in the CGI scripts wordlist had a vulnerability that allowed an attacker to read arbitrary files on the server and send the contents to a third-party email address...

AI score 6.9
Exploits 0

OSV
added 2024/09/18 3:15 p.m. | 5 views

CVE-2024-46591

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 7.5 | AI score 6.1 | EPSS 0.00424
Exploits 0 | References 1

OSV
added 2024/09/18 3:15 p.m. | 7 views

CVE-2024-46589

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sIpv6AiccuUser parameter at inetipv6.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 7.5 | AI score 6.1 | EPSS 0.0045
Exploits 0 | References 1

OSV
added 2024/09/18 3:15 p.m. | 9 views

CVE-2024-46594

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 7.5 | AI score 6.1 | EPSS 0.0045
Exploits 0 | References 1

OSV
added 2024/09/18 3:15 p.m. | 7 views

CVE-2024-46590

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 7.5 | AI score 6.1 | EPSS 0.00424
Exploits 0 | References 1

OSV
added 2024/09/18 3:15 p.m. | 4 views

CVE-2024-46596

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 7.5 | AI score 6.1 | EPSS 0.0045
Exploits 0 | References 1

OSV
added 2024/09/18 3:15 p.m. | 3 views

CVE-2024-46592

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt5g%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 7.5 | AI score 6.1 | EPSS 0.00424
Exploits 0 | References 1

OSV
added 2024/09/18 3:15 p.m. | 4 views

CVE-2024-46561

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 7.5 | AI score 6.1
Exploits 0 | References 1

OSV
added 2024/09/18 3:15 p.m. | 6 views

CVE-2024-46558

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 7.5 | AI score 6.1 | EPSS 0.00523
Exploits 0 | References 1

NVD
added 2024/09/18 3:15 p.m. | 20 views

CVE-2024-46558

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 7.5 | EPSS 0.00523
Exploits 0 | References 1

OSV
added 2024/09/18 3:15 p.m. | 6 views

CVE-2024-46567

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 7.5 | AI score 6.1 | EPSS 0.00523
Exploits 0 | References 1

OSV
added 2024/09/18 3:15 p.m. | 6 views

CVE-2024-46580

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 7.5 | AI score 6.1
Exploits 0 | References 1

OSV
added 2024/09/18 3:15 p.m. | 5 views

CVE-2024-46560

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pubkey parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 7.5 | AI score 6.1
Exploits 0 | References 1