TYPO3 8.7.0 < 8.7.51 ELTS / 9.0.0 < 9.5.40 ELTS / 10.0.0 < 10.4.36 / 11.0.0 < 11.5.23 / 12.0.0 < 12.2.0 XSS (TYPO3-CORE-SA-2023-001)

The version of TYPO3 installed on the remote host is prior to 8.7.0 8.7.51 ELTS / 9.0.0 9.5.40 ELTS / 10.0.0 10.4.36 / 11.0.0 11.5.23 / 12.0.0 12.2.0. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-001 advisory. - TYPO3 core component...

Design/Logic Flaw

TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /webcste/cgi-bin/product.ini...

Format string

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note...

CVE-2023-22374

CVE-2023-22374 affects F5 BIG-IP iControl SOAP with a format-string vulnerability that can crash the iControl SOAP CGI process or allow potentially arbitrary command execution for authenticated attackers. Affected BIG-IP branches and vulnerable versions (per K000130415): 17.x (17.0.0) fixed in 17...

F5 BIG-IP 格式化字符串错误漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An elevation of privilege vulnerability exists in F5 iControl SOAP, which can be exploited by an authenticated attacker to...

F5 iControl SOAP elevation of privilege vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An elevation of privilege vulnerability exists in F5 iControl SOAP, which can be exploited by an authenticated attacker to...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-1292)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.2 : ruby (EulerOS-SA-2023-1292)

According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and...

CVE-2022-38715

A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

Directory traversal

Directory traversal vulnerability in ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01hardware platform Gpn2.4P21-CWIFI-V0.05, via the getpage parameter to /cgi-bin/webproc...

Ubuntu 18.04 LTS / 20.04 LTS : Privoxy vulnerabilities (USN-5826-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5826-1 advisory. Joshua Rogers discovered that Privoxy incorrectly handled memory allocation. An attacker could possibly use this issue to cause a denial of...

USN-5806-2: Ruby vulnerability

USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Original advisory details: Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi ge...

USN-5806-2 ruby2.5, ruby3.0 vulnerability

USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Original advisory details: Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi ge...

Ubuntu 18.04 LTS / 22.04 LTS : Ruby vulnerability (USN-5806-2)

The remote Ubuntu 18.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5806-2 advisory. USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Tenable has extracte...

FreeBSD : www/awstats -- Partial absolute pathname (bba3f684-9b1d-11ed-9a3f-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bba3f684-9b1d-11ed-9a3f-b42e991fc52e advisory. - In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the...

Design/Logic Flaw

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Common Gateway Interface CGI program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker...

CVE-2022-45925

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...

Information disclosure

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...

[SECURITY] Fedora 36 Update: awstats-7.8-9.fc36

Advanced Web Statistics is a powerful and full-featured tool that generates advanced web server graphical statistics. This server log analyzer works from the command line or as a CGI and shows all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers...

CVE-2022-45923

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Common Gateway Interface CGI program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker...