Exploit for OS Command Injection in PHP
CVE-2024-4577-PHP-RCE Project Overview and Mechanism - Th...
httpd: Substitution encoding issue in mod_rewrite
A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...
CVE-2024-38944
An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component...
CVE-2024-38944
CVE-2024-38944 affects Intelight X-1L Traffic Controller Maxtime v1.9.6. A remote attacker can execute arbitrary code through the web-based UI endpoint "/cgi-bin/generateForm.cgi?formID=142". Multiple sources corroborate RCE potential (e.g., ExploitDB report references remote code execution; vend...
RHEL 9 : ruby (RHSA-2024:4542)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4542 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks...
Exploit for OS Command Injection in PHP
PoC exploit for CVE-2024-4577, a vulnerability in an unspecified...
BIT-APACHE-2024-38474 Apache HTTP Server weakness with encoded question marks in backreferences
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI. Users are recommended to...
The vulnerability in the implementation of the export-cgi and fileUpload-cgi scripts allows a hacker to circumvent security restrictions and execute arbitrary code. This vulnerability affects the backup and configuration restoration functions of the Zyxel NAS326 and Zyxel NAS542 network storage devices.
The vulnerability in the export-cgi and fileupload-cgi implementations of the backup and configuration restoration functions for Zyxel NAS326 and Zyxel NAS542 network storage devices is related to the unrestricted upload of dangerous files. Exploiting this vulnerability allows an attacker to bypass...
CVE-2024-38474
A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...
CVE-2024-38474
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI. Users are recommended to...
CVE-2024-38474 Apache HTTP Server weakness with encoded question marks in backreferences
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI. Users are recommended to...
CVE-2024-38474
CVE-2024-38474 affects Apache HTTP Server’s mod_rewrite: substitutions that capture and substitute unsafely can be mis-encoded, enabling unintended access paths. The issue is fixed by upgrading to Apache HTTP Server 2.4.60 (and related advisories note versions 2.4.61+ as subsequent fixes). Connec...
Debian: Security Advisory (DSA-5717-1)
The remote host is missing an update for the Debian...
CVE-2024-38896
CVE-2024-38896 affects WAVLINK WN551K1 routers. The vulnerability is a command injection in the start_hour parameter of /cgi-bin/nightled.cgi. According to the records, the CVSSv3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, with a base score of 5.3 (Medium). Impact is limited to con...