The vulnerability of the CGI script nas_sharing.cgi of the D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L NAS devices allows a hacker to execute arbitrary code.

The vulnerability of the CGI script nassharing.cgi of the D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L devices lies in the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code ...

CVE-2024-31815

In TOTOLINK EX200 V4.0.3c.7314B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh...

CVE-2024-31815

TOTOLINK EX200, version 4.0.3c.7314_B20191204, is exposed to an unauthorized disclosure of the device configuration via the /cgi-bin/ExportSettings.sh API endpoint. Multiple sources (CVE record, Red Hat security entry, CNVD/CNNVD summaries) align on a vulnerability described as improper privilege...

Rocky Linux 9 : ruby:3.1 (RLSA-2024:1576)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1576 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...

CVE-2024-3272

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The...

CVE-2024-3273

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...

D-Link DNS-320 信息泄露漏洞

The D-Link DNS-320 is a NAS Network Attached Storage device from China's AUO D-Link. An information disclosure vulnerability exists in the D-Link DNS-320L, which originates from an information disclosure vulnerability in the file /cgi-bin/info.cgi. Affected products and versions: D-Link DNS-320L,...

PT-2024-6486 · D Link · Dns-320L +18

Name of the Vulnerable Software and Affected Versions: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to 20240814 Description: A...

PT-2024-6465 · D Link · D-Link Dns-321 +16

Name of the Vulnerable Software and Affected Versions: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 versions up to 20240814...

PT-2024-6462 · D Link · D-Link Dns-321 +16

Name of the Vulnerable Software and Affected Versions: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to 20240814 Description: A...

AlmaLinux 9 : ruby:3.1 (ALSA-2024:1576)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1576 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

ManageEngine Applications Manager SEoL (11.0.x)

According to its version, ManageEngine Applications Manager is 11.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...

Oracle Linux 9 : ruby:3.1 (ELSA-2024-1576)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1576 advisory. ruby 3.1.4-143 - Upgrade to Ruby 3.1.4. Resolves: RHEL-5586 - Fix HTTP response splitting in CGI. Resolves: RHEL-5591 - Fix ReDos vulnerability in URI...

ManageEngine Applications Manager SEoL (14.0.x)

According to its version, ManageEngine Applications Manager is 14.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...

RHEL 9 : ruby:3.1 (RHSA-2024:1576)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1576 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

VulnCheck KEV: CVE-2021-20039

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances...

PT-2024-9844 · Webmin · Webmin

Name of the Vulnerable Software and Affected Versions: Webmin affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this issue. The specific flaw exists within the handli...

ruby:3.1 security, bug fix, and enhancement update

An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Flash CGI Mini Thread 跨站脚本漏洞

Flash CGI Mini Thread is a CGI script for creating bulletin board systems BBS from Flash CGI, Inc. A cross-site scripting vulnerability exists in Flash CGI Mini Thread version 3.33, which originates from a vulnerability that could allow an attacker to execute arbitrary script on the web browser o...

JVN#40523785: Mini Thread vulnerable to cross-site scripting

Mini Thread provided by Flash CGI according to the original report submitted by the reporter is a CGI script for creating a bulletin board system BBS. Mini Thread contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user...