Exploit for OS Command Injection in Php

Orange Tsi 🍊 This vulnerability was found by Orange Tsai @oran...

Oracle Linux 9 : ruby:3.1 (ELSA-2024-3668)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3668 advisory. ruby 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE...

ruby:3.1 security, bug fix, and enhancement update

ruby 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdocoptions in RDoc. Resolves: RHEL-34121 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-33871...

PHP 8.2.x < 8.2.20 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.20 advisory. - In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP- CGI on Windows, if the...

PHP 8.1.x < 8.1.29 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.1.29. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.29 advisory. - sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php- cgi, does not properl...

CVE-2024-29974

UNSUPPORTED WHEN ASSIGNED The remote code execution vulnerability in the CGI program “fileupload-cgi” in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted...

CVE-2024-29972

UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the CGI program "remotehelp-cgi" in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by...

CVE-2024-29974

UNSUPPORTED WHEN ASSIGNED The remote code execution vulnerability in the CGI program “fileupload-cgi” in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted...

CVE-2024-29972

UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the CGI program "remotehelp-cgi" in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by...

CVE-2024-29972

UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the CGI program "remotehelp-cgi" in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by...

CVE-2024-36729

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizardipv6 with a sufficiently long reboottype key...

PT-2024-3976 · Zyxel · Zyxel Nas326 +1

Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions prior to V5.21AAZF.17C0 Zyxel NAS542 versions prior to V5.21ABAG.14C0 Description: The issue exists due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of this...

GHSA-F9HR-7CFQ-MJG2 TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS'TYPO3CONFVARS''BE'‘fileDenyPattern’, backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...

TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS'TYPO3CONFVARS''BE'‘fileDenyPattern’, backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...

PT-2024-40269 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue allows backend users to upload certain file types, including .phar, .shtml, .pl, or .cgi files, due to missing file extensions in the $GLOBALS'TYPO3 CONF VARS''BE''fileDenyPattern'...

CVE-2024-5400

Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote server...

CVE-2024-5400

CVE-2024-5400 affects Openfind Mail2000, where a CGI parameter handling vulnerability enables OS command injection. Multiple sources describe that remote attackers with regular privileges can exploit improper filtering of specific CGI parameters to execute arbitrary system commands on the remote ...

Openfind Mail2000 操作系统命令注入漏洞

Openfind Mail2000 is a Web-based e-mail system. An operating system command injection vulnerability exists in versions prior to Openfind Mail2000 V8.0 Patch 34, which stems from the inability to properly filter the parameters of a specific CGI, allowing an attacker to execute arbitrary system...

Apache Tomcat 9.0.0.M1 < 9.0.19 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.19. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.19security-9 advisory. - When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1...

Fortinet FortiWeb Path traversal via browse report CGI component (FG-IR-22-142)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-142 advisory. - A relative path traversal vulnerability CWE-23 in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2...