9792 matches found
Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability
Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. "A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify...
GHSA-V646-RX6W-R3QQ Improper Access Control in Apache Tomcat
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
Improper Access Control in Apache Tomcat
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
CVE-2022-30525
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1,...
CVE-2022-30525
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1,...
CVE-2022-30525
CVE-2022-30525 is an OS command injection in Zyxel firewall CGI (Zero Touch Provisioning) that allows remote, unauthenticated code execution via /ztp/cgi-bin/handler (nobody user). Affected: USG FLEX series (5.00–5.21 Patch 1), USG FLEX 50W/USG20(W)-VPN (5.10–5.21 Patch 1), ATP series (5.10–5.21 ...
TLR-2005KSH Arbitrary File Delete
Exploit Title: TLR-2005KSH - Arbitrary File Delete Date: 2022-05-11 Exploit Author: Ahmed Alroky Author Company : AIactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-46424 Proof-of-Concept Request DELETE /cgi-bin/test2.t...
The vulnerability of the cgi-bin/webupg component in D-Link DIR-825AC G1 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the cgi-bin/webupg component in D-Link DIR-825AC G1 router microprogramming software is related to incorrect processing of the cmd parameter. Exploiting this vulnerability allows an attacker to execute arbitrary commands using a specially created POST request...
EulerOS Virtualization 3.0.2.0 : ruby (EulerOS-SA-2022-1676)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1613)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1637)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.9.0 : ruby (EulerOS-SA-2022-1637)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 f...
EulerOS Virtualization 2.9.1 : ruby (EulerOS-SA-2022-1613)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 f...
CVE-2021-43164
A Remote Code Execution RCE vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless...
CVE-2021-43160
A Remote Code Execution RCE vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose...
CVE-2021-43161
A Remote Code Execution RCE vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch...
CVE-2021-43159
A Remote Code Execution RCE vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the setSessionTime function in /cgi-bin/luci/api/common...
Remote code execution
A Remote Code Execution RCE vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the setSessionTime function in /cgi-bin/luci/api/common...
Remote code execution
A Remote Code Execution RCE vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the checkNet function in /cgi-bin/luci/api/auth...
CVE-2021-43159
A Remote Code Execution RCE vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the setSessionTime function in /cgi-bin/luci/api/common...