Race condition
Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js,...
CVE-2023-40599
Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js,...
CVE-2023-40599
CVE-2023-40599 affects Mailform Pro CGI (4.3.1.3 and earlier). The ReDoS flaw is in multiple add-on files: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js. Root cause: regular-expression Denial-of-Service vulnerability leading...
Exploit for Command Injection in PHP
PHP CGI Argument Injection CVE-2012-1823...
SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
Overview: Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333, CVE-2023-40599). This vulnerability is a similar issue to CVE-2023-32610, published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above...
JVN#86484824: SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333, CVE-2023-40599). This vulnerability is a similar issue to CVE-2023-32610, published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above. Impact: A...
[SECURITY] Fedora 37 Update: php-8.1.22-1.fc37
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Western Digital MyCloud PR4100 CGI API Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Western Digital MyCloud PR4100 NAS device. Authentication is required to exploit this vulnerability. The specific flaw exists within the CGI API. The issue results from the lack of prop...
Ruijie Networks Product Code Injection Vulnerability
Ruijie Networks Product is a series of Ruijie wireless products from China-based Ruijie Networks. A security vulnerability in Ruijie Networks Product originates from an API privilege issue that allows a remote attacker to escalate privileges via a POST request to /cgi-bin/luci/ and affects the...
CVE-2023-31853
Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter...
Cross site scripting
Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter...
CVE-2023-31852
CVE-2023-31852 affects Cudy LT400 firmware 1.13.4. The issue is a Cross Site Scripting (XSS) vulnerability in the web interface at cgi-bin/luci/admin/network/wireless/config, exploitable via the iface parameter. Connected documents confirm the affected product/version and the vulnerable parameter...
CVE-2023-33274
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...
Authorization
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...
PT-2023-24259 · Unknown · PowerShield SNMP Web Pro
Name of the Vulnerable Software and Affected Versions: PowerShield SNMP Web Pro version 1.1. Description: The authentication mechanism contains an issue that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This...
CVE-2023-33274
CVE-2023-33274 affects PowerShield SNMP Web Pro 1.1. The vulnerability is in the authentication mechanism, allowing unauthenticated users to directly access CGI scripts due to a lack of proper cookie verification. It affects all instances where HTTP Digest authentication is not enabled, regardles...
A vulnerability in the CGI firmware of ASUS RT-AC86 Wi-Fi routers allows an attacker to execute arbitrary commands or cause service failures.
The vulnerability in the CGI firmware of ASUS RT-AC86 Wi-Fi routers stems from writing beyond buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands or cause service interruptions...