9786 matches found
Important: ruby
Issue Overview: A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw t...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
CVE-2022-30525 Zyxel Firewall Remote Command Injection A py...
CVE-2024-1783
A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619B20230130/9.3.5u.6698B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument httphost leads to stack-based buffer overflow...
CVE-2024-25851
Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the configsequence parameter in otherpara of cgitest.cgi...
PT-2024-1833
Name of the Vulnerable Software and Affected Versions Totolink X6000R AX3000 versions 9.4.0cu.852 20230719 Description A critical issue exists in the setWizardCfg function of the shttpd component, located in the /cgi-bin/cstecgi.cgi file. This is due to a lack of input validation, which allows fo...
Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty.
Summary Due to the use of Eclipse Jetty, Rational Performance Tester contains a vulnerability around authentication validation that could allow bypassing access restrictions, and a vulnerability around command quoting that could allow further attacks on the system. Vulnerability Details...
jetty: Improper addition of quotation marks to user inputs in CgiServlet
A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested...
CVE-2023-5800
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API createoverlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service...
TOTOLINK N350RT Session Hijacking Vulnerability
The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT suffers from a session hijacking vulnerability, which is caused by insufficient session expiration in the /cgi-bin/cstecgi.cgi script. An attacker could use this vulnerability to access other...
CVE-2024-1004
A vulnerability, which was classified as critical, was found in Totolink N200RE 9.3.5u.6139B20201216. This affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument httphost leads to stack-based buffer overflow. It is possible to initiate the attack remotel...
CVE-2024-1001
A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139B20201216. Affected is the function main of the file /cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2024-0998
A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. It is possible to initiate the attack...
Stack overflow
A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216 and classified as critical. Affected by this issue is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. The attack may be launched remotely...
PT-2024-1320 · Totolink · Totolink N200Re
Name of the Vulnerable Software and Affected Versions: Totolink N200RE version 9.3.5u.6139 B20201216 Description: A critical vulnerability has been found, affecting the main function of the /cgi-bin/cstecgi.cgi file. This issue leads to a stack-based buffer overflow, which can be exploited...
TOTOLINK N200RE 安全漏洞
The TOTOLINK N200RE is a wireless router for the SOHO market. The TOTOLINK N200RE suffers from a buffer overflow vulnerability that originates from a stack-based buffer overflow in the eTime parameter of the setParentalRules function of /cgi-bin/cstecgi.cgi. No detailed vulnerability details are...
PT-2024-1318 · Totolink · Totolink N200Re
Name of the Vulnerable Software and Affected Versions: Totolink N200RE version 9.3.5u.6139 B20201216 Description: A critical vulnerability was found in the Totolink N200RE, affecting the setIpPortFilterRules function of the /cgi-bin/cstecgi.cgi file. The manipulation of the ePort argument leads t...
TOTOLINK N200RE 安全漏洞
The TOTOLINK N200RE is a wireless router for the SOHO market. The TOTOLINK N200RE suffers from a buffer overflow vulnerability that originates from a stack-based buffer overflow in the ip parameter of the setDiagnosisCfg function of /cgi-bin/cstecgi.cgi. No detailed vulnerability details are...
CVE-2024-0944
A vulnerability was found in Totolink T8 4.1.5cu.83320220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is...
CVE-2024-0943
A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attac...
CVE-2024-0942
A vulnerability was found in Totolink N200RE V5 9.3.5u.6255B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is...