EulerOS Virtualization 3.0.6.0 : ruby (EulerOS-SA-2022-2588)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed...
EulerOS Virtualization 3.0.6.6 : ruby (EulerOS-SA-2022-2536)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV...
AlmaLinux 8 : ruby:2.7 (ALSA-2022:6447)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6447 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 ruby: Cookie prefix spoofing in CGI::Cookie.parse...
TOTOLINK A860R Command Injection Vulnerability
TOTOLINK A860R is a wireless router from China's Gion Electronics (TOTOLINK). TOTOLINK A860R version V4.1.2cu.5182B20201027 is vulnerable to command injection, which stems from the component /cgi-bin/downloadFile.cgi failing to properly filter the special characters, commands, etc. used to construct commands. A...
[SECURITY] Fedora 35 Update: php-8.0.24-1.fc35
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CVE-2022-41525
TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi...
Command injection
TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi...
CVE-2022-41518
TOTOLINK NR1800X firmware 9.1.0u.6279_B20210910 is affected by CVE-2022-41518 due to a command injection in the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi. The issue originates from inadequate input filtering of the FileName parameter, enabling arbitrary command execution. CVSS 3.1 base ...
cgi-photo.com Cross Site Scripting vulnerability OBB-2966669
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-40475
TOTOLINK A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi...
CVE-2022-40475
TOTOLINK A860R (version 4.1.2cu.5182_B20201027) is affected by a command injection via /cgi-bin/downloadFile.cgi. The root cause is improper filtering of command characters in this CGI, enabling potential arbitrary command execution with network access. CVSS v3.1 base score 9.8 (CRITICAL) reflect...
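The entries above for /cgi-bin/downloadFile.cgi (CVE-2022-40475) and the FileName parameter of UploadFirmwareFile (CVE-2022-41518) describe the same bug class: a CGI binary builds a shell command from a request parameter without filtering shell metacharacters. The following C program is an added example, not code from TOTOLINK, the advisories, or any vendor: it shows the vulnerable string-building pattern next to a hardened handler that allow-lists the file name and execs the tool directly with an argv array so no shell ever parses the value. The parameter name FileName is taken from the CVE-2022-41518 text; the command (`rm -f /tmp/<name>`), the function names, and the attacker input are assumptions constructed for the example.

```c
/* Added example (not code from TOTOLINK or the advisories above): the
 * "interpolate a CGI parameter into a shell command" pattern beside a
 * hardened handler. Function names and the command are assumptions. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

/* Vulnerable pattern: the FileName parameter is pasted into a command
 * string that would be handed to system() / popen(), i.e. /bin/sh -c.
 * A value such as "fw.bin; reboot" is then executed as two commands.
 * Only the string is built here so the example can be inspected safely.
 * Returns the length written, or -1 if the buffer is too small. */
int build_vuln_command(char *out, size_t outlen, const char *filename)
{
    int n = snprintf(out, outlen, "rm -f /tmp/%s", filename);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Hardened check: an allow-list rather than a deny-list of "bad" bytes.
 * Accepts only [A-Za-z0-9._-], rejects a leading '.', an empty name and
 * anything over 64 bytes, so path separators and every shell
 * metacharacter are refused without having to enumerate them. */
int is_safe_filename(const char *filename)
{
    size_t len = strlen(filename);
    if (len == 0 || len > 64 || filename[0] == '.')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)filename[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* Hardened execution: validate, then exec the tool with an argv array.
 * No shell parses the value, so metacharacters are inert even if the
 * allow-list were loosened later. Returns the child's exit status, or
 * -1 if the name is rejected or fork/exec fails. */
int remove_upload_safely(const char *filename)
{
    if (!is_safe_filename(filename))
        return -1;
    char path[128];
    snprintf(path, sizeof path, "/tmp/%s", filename);
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "rm", "-f", path, NULL };
        execvp("rm", argv);   /* argv[0] is fixed, never user-controlled */
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char cmd[256];
    /* Constructed attacker input: a plausible name followed by a second
     * shell command, the shape of payload the advisories describe. */
    const char *evil = "fw.bin; reboot";
    build_vuln_command(cmd, sizeof cmd, evil);
    printf("vulnerable handler would run: sh -c '%s'\n", cmd);
    printf("allow-list accepts \"%s\": %d\n", evil, is_safe_filename(evil));
    printf("allow-list accepts \"fw_1.0.bin\": %d\n",
           is_safe_filename("fw_1.0.bin"));
    printf("hardened handler on \"%s\": %d\n", evil,
           remove_upload_safely(evil));
    return 0;
}
```

The important design point is the second function: filtering alone is fragile (a deny-list of `;`, `|`, `` ` `` is easy to get wrong, and the advisories above are all cases where the filter was inadequate), whereas exec with an argv array removes the shell from the path entirely, so the validation only has to keep the value inside the directory the handler intends.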
CVE-2022-36158
Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page /usr/www/ja/mntcmd.cgi...
CVE-2022-40712
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2 endpoints...
Cross site scripting
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2 endpoints...
SUSE SLED15: libruby2_5-2_5 / ruby2.5 / ruby2.5-devel / ruby2.5-devel-extra / etc (SUSE-SU-2022:3292-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3292-1 advisory. - CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse bsc1193081. Tenable has extracted the...
TOTOLINK T6 OS Command Injection Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics that supports the MQTT protocol and a Telnet service. The TOTOLINK T6 suffers from a command injection vulnerability that stems from the sub421AA0 function in cstecgi.cgi failing to properly filter construct command...