
9790 matches found

CNNVD
added 2023/11/28 12:0 a.m., 4 views

Zyxel ATP Cross-Site Scripting Vulnerability

Zyxel ATP is a firewall from China-based Zyxel. A cross-site scripting (XSS) vulnerability exists in the CGI program of Zyxel ATP. Affected products and versions: Zyxel ATP series versions 5.10 through 5.37, USG FLEX series versions 5.00 throug...

6.1 CVSS, 5.8 AI score, 0.00462 EPSS
Exploits 0, References 1

VulnCheck KEV
added 2023/11/15 12:0 a.m., 2 views

VulnCheck KEV: CVE-2020-7980

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...

10 CVSS, 7.6 AI score, 0.82956 EPSS
Exploits 7, References 1

Tenable Nessus
added 2023/11/14 12:0 a.m., 51 views

RHEL 8 : ruby:2.5 (RHSA-2023:7025)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7025 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

8.8 CVSS, 7.8 AI score, 0.0387 EPSS
Exploits 1, References 13

VulnCheck KEV
added 2023/11/13 12:0 a.m., 4 views

VulnCheck KEV: CVE-2022-29383

NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi...

9.8 CVSS, 7.4 AI score, 0.48957 EPSS
Exploits 1, References 1

Oracle Linux
added 2023/11/11 12:0 a.m., 34 views

cups security and bug fix update

1:2.3.3op2-21
- bump the spec because the previous build was made with buildroot 9.2
1:2.3.3op2-20
- CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
1:2.3.3op2-19
- CVE-2023-34241 cups: use-after-free in cupsdAcceptClient in scheduler/client.c
- CVE-2023-32324 cups: heap...

7.1 CVSS, 7.2 AI score, 0.01473 EPSS
Exploits 2

OSV
added 2023/11/07 4:24 a.m., 3 views

CVE-2023-5748

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors...

5.5 CVSS, 5.8 AI score, 0.00194 EPSS
Exploits 0, References 1

Tenable Nessus
added 2023/11/07 12:0 a.m., 37 views

Rocky Linux 8 : ruby:2.5 (RLSA-2022:5779)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5779 advisory.
- Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1,...

7.5 CVSS, 7.3 AI score, 0.03222 EPSS
Exploits 2, References 5

IBM Security Bulletins
added 2023/11/01 10:38 a.m., 78 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities

Summary: IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities, listed in the CVEs below.
Vulnerability Details:
CVEID: CVE-2023-35887
DESCRIPTION: Apache MINA SSHD could allow a remote authenticated attacker to obtain sensitive information, caused by improper...

9.8 CVSS, 10 AI score, 0.76768 EPSS
Exploits 15, Affected Software 1

OSV
added 2023/10/31 9:15 p.m., 3 views

CVE-2023-46485

An issue in TOTOlink X6000R V9.4.0cu.852B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component...

9.8 CVSS, 6.1 AI score, 0.0123 EPSS
Exploits 1, References 1

Tenable Nessus
added 2023/10/27 12:0 a.m., 52 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jetty-minimal (SUSE-SU-2023:4210-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4210-1 advisory.
- Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15,...

7.5 CVSS, 7.6 AI score, 0.99999 EPSS
Exploits 22, References 16

NVD
added 2023/10/26 10:15 p.m., 18 views

CVE-2018-17879

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts...

9.8 CVSS, 9.8 AI score, 0.2185 EPSS
Exploits 1, References 2

Prion
added 2023/10/26 10:15 p.m., 23 views

Design/Logic Flaw

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts...

7.5 CVSS, 9.7 AI score, 0.2185 EPSS
Exploits 1, References 2

CVE
added 2023/10/26 12:0 a.m., 52 views

CVE-2018-17879

The CVE-2018-17879 vulnerability affects ABUS TVIP cameras, where CGI scripts allow remote execution of code as root via system() with multiple injection points. Public sources (NVD, Red Hat, CVE listings) confirm this remote, unauthenticated-like capability with high impact across confidentialit...

9.8 CVSS, 9.7 AI score, 0.2185 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2023/10/26 12:0 a.m., 26 views

CVE-2018-17879

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts...

9.8 AI score, 0.2185 EPSS
Exploits 1, References 2

OSV
added 2023/10/25 6:17 p.m., 2 views

CVE-2023-5746

A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500...

9.8 CVSS, 6 AI score, 0.01701 EPSS
Exploits 0, References 1

NVD
added 2023/10/25 6:17 p.m., 20 views

CVE-2023-5746

A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500...

9.8 CVSS, 9.8 AI score, 0.01701 EPSS
Exploits 0, References 1

Prion
added 2023/10/25 6:17 p.m., 19 views

Format string

A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500...

7.5 CVSS, 9.6 AI score, 0.01701 EPSS
Exploits 0, References 1, Affected Software 2

CVE
added 2023/10/25 12:0 a.m., 44 views

CVE-2023-46396

Audimex 15.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in the /audimex/cgi-bin/wal.fcgi endpoint, exploitable via the company parameter in search filters. The issue is confirmed across multiple sources (CVE-2023-46396) with no public patch details in the provided documents. A pr...

5.4 CVSS, 5.3 AI score, 0.00431 EPSS
Exploits 1, References 1, Affected Software 1

Vulnrichment
added 2023/10/24 7:32 a.m., 14 views

CVE-2023-5746

A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500...

9.8 CVSS, 8 AI score, 0.01701 EPSS
Exploits 0, References 1

OSV
added 2023/10/23 1:15 a.m., 5 views

CVE-2023-5702

A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of th...

6.5 CVSS, 4.6 AI score, 0.14537 EPSS
Exploits 3, References 3