CVE-2022-45923
OpenText Content Suite Platform 22.1 (16.2.19.1803) is affected by CVE-2022-45923 via the CGI program cs.exe. The issue allows an attacker to increment or decrement an arbitrary memory address by 1 and trigger a call to a method of a vftable using a chosen vftable pointer value, enabling pre-auth...
Fedora: Security Advisory for awstats (FEDORA-2023-fda5480804)
The remote host is missing an update for the...
CVE-2022-43976
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p03.2.2.17p04.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication...
USN-5806-1: Ruby vulnerability
Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications that generate HTTP responses using the cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application...
GE Grid Solutions MS3000 Security Vulnerability
GE Grid Solutions MS3000 is a transformer monitoring system from GE Grid Solutions, France. A security vulnerability exists in the GE Grid Solutions MS3000 versions prior to 3.7.6.25p03.2.2.17p04.7p0, which stems from the ability to directly access the API on TCP port 8888 without any...
Ubuntu 16.04 ESM : Ruby vulnerability (USN-5806-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5806-1 advisory. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could...
CVE-2014-125077
A vulnerability, which was classified as critical, has been found in pointhi searx_stats. This issue affects some unknown processing of the file cgi/cron.php. The manipulation leads to sql injection. The patch is named 281bd679a4474ddb222d16c1c380f252839cc18f. It is recommended to apply a patch to...
SQL injection
A vulnerability, which was classified as critical, has been found in pointhi searx_stats. This issue affects some unknown processing of the file cgi/cron.php. The manipulation leads to sql injection. The patch is named 281bd679a4474ddb222d16c1c380f252839cc18f. It is recommended to apply a patch to...
CVE-2014-125077 pointhi searx_stats cron.php sql injection
A vulnerability, which was classified as critical, has been found in pointhi searx_stats. This issue affects some unknown processing of the file cgi/cron.php. The manipulation leads to sql injection. The patch is named 281bd679a4474ddb222d16c1c380f252839cc18f. It is recommended to apply a patch to...
CVE-2014-125077
CVE-2014-125077 affects pointhi searx_stats. The vulnerability stems from unknown handling in cgi/cron.php, enabling SQL injection with high impact (C/H, I/H, A/H per CVSS3.1). A patch is available: 281bd679a4474ddb222d16c1c380f252839cc18f. Related identifier: VDB-218351.
[SECURITY] Fedora 36 Update: php-8.1.14-1.fc36
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CVE-2022-43390
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request...
Buffer overflow
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request...
Zyxel NR7101 Security Vulnerability
The Zyxel NR7101 is a router from Hopkins Zyxel. A security vulnerability exists in versions prior to Zyxel NR7101 V1.15(ACCC.3)C0, which stems from a buffer overflow vulnerability in the CGI program parameters that allows an authenticated attacker to cause a denial of service (DoS) by sending a...
CVE-2022-43390
CVE-2022-43390 concerns the Zyxel NR7101 router. The flaw is a command injection in the router’s CGI program present in firmware versions prior to V1.15(ACCC.3)C0. An authenticated attacker could trigger OS command execution on the device by sending a crafted HTTP request. The issue arises from i...
CVE-2022-43390
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request...
CVE-2022-43970
A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware = 4.30.18.006. A stack-based buffer overflow in the StartEPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-1056)
The remote host is missing an update for the Huawei EulerOS...
PT-2023-3459 · Western Digital · Western Digital My Cloud Os 5
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud OS 5 versions prior to 5.26.300 Description: The issue is related to a post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices. This could allow an attacker to execute code ...
EulerOS Virtualization 3.0.2.6 : ruby (EulerOS-SA-2023-1056)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV...