9791 matches found
SYNCK GRAPHICA Mailform Pro CGI Information Disclosure Vulnerability
SYNCK GRAPHICA Mailform Pro CGI is a mail form from SYNCK GRAPHICA Japan. It can be used as a multiple transmission, questionnaire form, and application form. A security vulnerability exists in SYNCK GRAPHICA Mailform Pro CGI prior to version 4.3.1, which stems from the Thanks module saving user...
JVN#34205166: SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure
Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability (CWE-200). The Thanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in the configs/thanks.cgi file. To exploit this vulnerability, it is require...
JVN#76024879: PowerCMS XMLRPC API vulnerable to command injection
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability (CWE-74). Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the developer,...
CVE-2022-36552
CVE-2022-36552 affects Tenda AC6 (AC1200) with v5.0 firmware
CVE-2022-32993
TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh...
CVE-2022-32993
CVE-2022-32993 affects TOTOLINK A7000R (version 4.1cu.4134). The issue is an access control flaw in the /cgi-bin/ExportSettings.sh endpoint, enabling unauthorized access. NVD reports a high-severity (CRITICAL) impact (C/H, I/H, A/H) with CVSS 3.1 base score 9.8. Some sources describe the vulnerab...
CVE-2022-32548
An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field...
Hytec Inter HWL-2511-SS Command Injection Vulnerability
The Hytec Inter HWL-2511-SS is an industrial LTE router and Wi-Fi access point from Hytec Inter, Japan. A security vulnerability exists in the Hytec Inter HWL-2511-SS v1.05 and earlier, which stems from the component /www/cgi-bin/popen.cgi containing a command injection...
PT-2022-7699
Name of the Vulnerable Software and Affected Versions: D-Link GO-RT-AC750 versions GORTAC750 revA v101b03 through GO-RT-AC750 revB FWv200b02 Description: The issue is related to the hnap_main function of the D-Link GO-RT-AC750 router's firmware, which fails to neutralize special elements used in an...
Ubuntu: Security Advisory (USN-20-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-5479-2)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-66-1)
The remote host is missing an update for the...
PT-2022-23830 · D Link · D-Link Dir-816
Name of the Vulnerable Software and Affected Versions: D-link DIR-816 version A2 v1.10CNB04.img Description: The issue arises from a Buffer Overflow vulnerability via the /goform/form2Wan.cgi endpoint. When wantype is 3, the l2tp usrname will be decrypted by base64, and the result will be stored ...
cgijaffna.gov.in Cross Site Scripting vulnerability OBB-2852014
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2022-23447 · D Link · D-Link Go-Rt-Ac750
Name of the Vulnerable Software and Affected Versions: D-Link GO-RT-AC750 versions GORTAC750 revA v101b03 through GO-RT-AC750 revB FWv200b02 Description: The issue concerns an authentication bypass. It is related to the function phpcgi_main in cgibin. Recommendations: For D-Link GO-RT-AC750 versi...
GLSA-202208-20 : Apache HTTPD: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-20 (Apache HTTPD: Multiple Vulnerabilities) - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP...
Command injection
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nasdisk.shtml...
Security Vulnerabilities in Multiple WAVLINK Products
WAVLINK AC1200 and others are products of China RuiYin Technology WAVLINK. WAVLINK AC1200 is a dual-band high power wireless router. WAVLINK WL-WN531P3 is a wireless router. WAVLINK WN533A8 is a wireless router. A security vulnerability exists in WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3...
AlmaLinux 8 : ruby:2.5 (5779) (ALSA-2022:5779)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5779 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817) ruby: Cookie prefix spoofing in CGI::Cookie.parse...
Unintended Proxy or Intermediary
Overview: std/net/http is a Go standard library package. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary. Go Vulnerability Report: An input validation flaw in the CGI components allows the HTTP_PROXY environment variable to be set by the incoming Pro...