CVE-2023-27852

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device...

CVE-2023-27852

CVE-2023-27852 affects NETGEAR Nighthawk WiFi6 Router versions prior to V1.0.10.94. The issue is a buffer overflow in various CGI mechanisms, enabling an attacker to execute arbitrary code on the device. Affected component: CGI handling in the router’s firmware. Root cause: insufficient input siz...

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2023-1483)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications...

Debian: Security Advisory (DLA-94-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-553-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1234-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-2079-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-478-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Internet Bug Bounty: Security Unfavorable Specifications and Implementations in the CGI::Cookie Class

A vulnerability was found in the CGI::Cookie class that allowed an attacker to inject invalid attributes in the Set-Cookie header. Additionally, the cgi gem had a vulnerability that allowed an attacker to inject a malicious HTTP response header and/or body. The issue was fixed in versions 0.3.5,...

Internet Bug Bounty: Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information

A vulnerability was found in Ruby's CGI library that allowed an attacker to inject a malicious HTTP response header and/or body if an application used untrusted user input to generate HTTP responses. The vulnerability was fixed in version 0.3.5, 0.2.2, and 0.1.0.2 of the cgi gem...

Code injection

ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wirelessmft ap field...

CVE-2023-26609

The CVE-2023-26609 vulnerability affects ABUS TVIP 20000-21150 devices, where shell metacharacters in the /cgi-bin/mft/wireless_mft ap field allow remote code execution. Public exploit discussions exist (PacketStorm/Wiki entries) and ICS CVE notes confirm remote exploitation with a CVSS v3.1 base...

[SECURITY] Fedora 36 Update: php-8.1.16-1.fc36

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

USN-5806-2: Ruby vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Original advisory details: Hiroshi Tokumaru...

K92930514: GO vulnerability CVE-2016-5386

Security Advisory Description The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote...

K51663510: Apache Tomcat vulnerability CVE-2016-5388

Security Advisory Description Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect ...

K55423848: CGI.pm and CGI::Simple vulnerabilities CVE-2010-2761 and CVE-2010-4410

Security Advisory Description CVE-2010-2761 The multipartinit function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers a...

K07112184: HHVM vulnerability CVE-2016-1000109

Security Advisory Description HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

SUSE CVE-2003-0789

modcgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client...

SUSE CVE-2004-0983

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a certain HTTP request...