Lucene search

9791 matches found

Cvelist
added 2022/05/24 2:20 a.m. | 22 views

CVE-2022-0910

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware...

CVSS 6.5 | AI score 6.7 | EPSS 0.00657
Exploits: 0 | References: 1

Cvelist
added 2022/05/24 2:10 a.m. | 30 views

CVE-2022-0734

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that coul...

CVSS 5.8 | AI score 6 | EPSS 0.0836
Exploits: 0 | References: 1

CVE
added 2022/05/24 2:10 a.m. | 103 views

CVE-2022-0734

CVE-2022-0734 describes a cross-site scripting vulnerability in Zyxel USG/ZyWALL CGI programs across multiple firmware lines (USG/ZyWALL 4.35–4.70, USG FLEX 4.50–5.20, ATP 4.35–5.20, VPN 4.35–5.20). The issue allows a malicious script to access information stored in a user’s browser, such as cook...

CVSS 6.1 | AI score 6.3 | EPSS 0.0836
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2022/05/24 12:0 a.m. | 8 views

Zyxel USG/ZyWALL Cross-Site Scripting Vulnerability

Zyxel USG/ZyWALL is a firewall from China's Heqin Technology Zyxel. A cross-site scripting vulnerability exists in the CGI program in Zyxel USG/ZyWALL versions 4.35-4.70, USG FLEX 4.50-5.20, ATP 4.35-5.20, and VPN 4.35-5.20, which stems from the presence of an input validation error, and can be...

CVSS 6.1 | AI score 6.2 | EPSS 0.0836
Exploits: 0 | References: 3

RedhatCVE
added 2022/05/21 12:4 a.m. | 56 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

CVSS 10 | AI score 4 | EPSS 0.17374
Exploits: 3 | References: 1

RedhatCVE
added 2022/05/20 11:23 p.m. | 24 views

CVE-2020-29600

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...

CVSS 9.8 | AI score 2 | EPSS 0.04352
Exploits: 1 | References: 1

RedhatCVE
added 2022/05/20 10:53 p.m. | 28 views

CVE-2019-20800

In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers...

CVSS 9.8 | AI score 3.4 | EPSS 0.02148
Exploits: 1 | References: 1

OSV
added 2022/05/18 12:15 p.m. | 7 views

CVE-2022-29644

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini...

CVSS 9.8 | AI score 5.7 | EPSS 0.01458
Exploits: 1 | References: 1

CVE
added 2022/05/18 11:50 a.m. | 77 views

CVE-2022-29644

CVE-2022-29644 affects TOTOLINK A3100R devices (firmware versions V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129). The issue is a hard-coded password for the Telnet service stored in the component /web_cste/cgi-bin/product.ini, creating an unauthenticated control risk over the device. The NV...

CVSS 10 | AI score 9.5 | EPSS 0.01458
Exploits: 1 | References: 1 | Affected Software: 1

Rockylinux
added 2022/05/17 7:11 a.m. | 19 views

new packages: perl-CGI

An update is available for perl-CGI. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterpris...

AI score 2.2
Exploits: 0

Github Security Blog
added 2022/05/17 1:37 a.m. | 17 views

Roundup Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1...

CVSS 4.3 | AI score 5.7 | EPSS 0.01983
Exploits: 0 | References: 11 | Affected Software: 1

Packet Storm
added 2022/05/17 12:0 a.m. | 243 views

SDT-CW3B1 1.1.0 Command Injection

Exploit Title: SDT-CW3B1 1.1.0 - OS command injection; Date: 2022-05-12; Exploit Author: Ahmed Alroky; Author Company: AIactive; Version: 1.0.0; Vendor home page: http://telesquare.co.kr/; Authentication Required: No; CVE: CVE-2021-46422; Tested on: Windows; HTTP Request GET...

CVSS 10 | AI score 9.6 | EPSS 0.9475
Exploits: 20

CNVD
added 2022/05/17 12:0 a.m. | 22 views

WAVLINK WN535 G3 Cross-Site Scripting Vulnerability

WAVLINK WN535 G3 is a wireless router from WAVLINK China. WAVLINK WN535 G3 suffers from a cross-site scripting vulnerability, which stems from a lack of filtering and escaping of the hostname parameter in /cgi-bin/login.cgi, and can be exploited by attackers to conduct cross-site scripting attack...

CVSS 4.3 | AI score 2.6 | EPSS 0.03829
Exploits: 1

BDU FSTEC
added 2022/05/17 12:0 a.m. | 6 views

The vulnerability of the USERDBDomains.Domainname function in the cgi-bin/platform.cgi file of the NETGEAR ProSafe SSL VPN network interface card’s software allows a hacker to execute arbitrary SQL queries.

The vulnerability of the USERDBDomains.Domainname function in the cgi-bin/platform.cgi file of the NETGEAR ProSafe SSL VPN network interface card’s software is related to the possibility of executing commands. Exploiting this vulnerability could allow a malicious actor to execute arbitrary SQL...

CVSS 6.5 | AI score 8.1 | EPSS 0.48957
Exploits: 1 | References: 5

Packet Storm
added 2022/05/16 12:0 a.m. | 407 views

Zyxel Firewall ZTP Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel Firewall ZTP Unauthenticated Command Injection', 'Description' = %q This module exploits CVE-2022-30525, an unauthenticated remote command...

AI score 0.2 | EPSS 0.99938
Exploits: 25

CISA KEV Catalog
added 2022/05/16 12:0 a.m. | 52 views

Zyxel Multiple Firewalls OS Command Injection Vulnerability

A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device...

CVSS 10 | AI score 5.3 | EPSS 0.99938
In wild | Exploits: 25

Github Security Blog
added 2022/05/14 1:10 a.m. | 24 views

Inconsistent documentation in Apache Tomcat

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a...

CVSS 5.3 | AI score 6.2 | EPSS 0.06198
Exploits: 0 | References: 39 | Affected Software: 1

OSV
added 2022/05/13 1:15 p.m. | 2 views

CVE-2022-29383

NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi...

CVSS 9.8 | AI score 7.3 | EPSS 0.48957
Exploits: 1 | References: 2

ATTACKERKB
added 2022/05/13 1:15 p.m. | 6 views

CVE-2022-29383

NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi...

CVSS 9.8 | AI score 7.3 | EPSS 0.48957
Exploits: 1 | References: 4

The Hacker News
added 2022/05/13 6:24 a.m. | 88 views

Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability

Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. "A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify...

CVSS 10 | AI score 1.9 | EPSS 0.99938
Exploits: 25