9791 matches found
PT-2023-2773 · Synology · Synology Router Manager
Name of the Vulnerable Software and Affected Versions: Synology Router Manager versions prior to 1.2.5-8227-6 Synology Router Manager versions prior to 1.3.1-9346-3 Description: The issue is related to an OS command injection vulnerability in the CGI component of Synology Router Manager. This...
CVE-2023-2682
A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component MiniHTTPD. The manipulation of the argument address with the input ;id;uname$IFS-a leads to command injection. The attack...
CVE-2022-29842
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before...
Command injection
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before...
CVE-2022-29842 Command Injection Vulnerability in Western Digital My Cloud devices
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before...
PT-2023-12987 · Western Digital · Western Digital My Cloud Os 5
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud OS 5 versions prior to 5.26.119 Description: An issue was discovered in Western Digital My Cloud OS 5 devices, allowing an attacker to execute code in the context of the root user on a vulnerable CGI file due to...
Western Digital My Cloud 命令注入漏洞
Western Digital My Cloud is a personal cloud storage device from Western Digital. A security vulnerability exists in Western Digital My Cloud OS 5 prior to version 5.26.119, which stems from a command injection vulnerability that could allow an attacker to execute code against vulnerable CGI file...
EulerOS 2.0 SP11 : ruby (EulerOS-SA-2023-1768)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications...
EulerOS 2.0 SP11 : ruby (EulerOS-SA-2023-1790)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications...
CVE-2023-2522
A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sendorder.cgi?parameter=accessdetect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an...
CVE-2023-2520
A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049202303031001 and classified as critical. This issue affects some unknown processing of the file cgi-bin/toolsping.cgi?action=Command of the component Ping Handler. The manipulation of the argument Destination leads to command injection...
CVE-2023-2520
Caton Prime 2.1.2.51.e8d7225049(202303031001) contains a command injection in the Ping Handler, via manipulation of the Destination argument in cgi-bin/tools_ping.cgi?action=Command. This allows remote exploitation and affects the Ping Handler component; impact is high (as per CVE-2023-2520). No ...
D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /cgi-bin/webproc endpoint. When parsing the errorpage and nextpage...
D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing t...
D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue...
D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsin...
D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. The issue...
cgimanagementinc.com Cross Site Scripting vulnerability OBB-3280221
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-28770
The sensitive information exposure vulnerability in the CGI “ExportLog” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file...
CVE-2023-28770
The sensitive information exposure vulnerability in the CGI “ExportLog” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file...