The Hacker News
added 2022/05/13 6:24 a.m. · 88 views

Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability

Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. "A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify...

CVSS 10 · AI score 1.9 · EPSS 0.99938
Exploits 25
OSV
added 2022/05/13 1:23 a.m. · 4 views

GHSA-V646-RX6W-R3QQ Improper Access Control in Apache Tomcat

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

CVSS 8.1 · AI score 6.9 · EPSS 0.50896
Exploits 0 · References 36
Github Security Blog
added 2022/05/13 1:23 a.m. · 36 views

Improper Access Control in Apache Tomcat

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

CVSS 8.1 · AI score 2 · EPSS 0.50896
Exploits 0 · References 36 · Affected software 1
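The two Tomcat entries above describe the "httpoxy" pattern: a CGI gateway that follows RFC 3875 section 4.1.18 maps every request header to an HTTP_* meta-variable, so a client-supplied Proxy header becomes HTTP_PROXY, which many HTTP client libraries read as their outbound proxy setting. The following is an added example, not code from Apache Tomcat or from the page; the header list, the block list of meta-variables and the `outbound_proxy_for` stand-in for a client library are this example's own assumptions.

```python
"""
Added example (not from the page or from Apache Tomcat): how a CGI gateway
that follows RFC 3875 section 4.1.18 turns request headers into HTTP_*
environment variables, why a client-supplied "Proxy" header lands in
HTTP_PROXY, and the usual fix of refusing to export that variable.
The request headers below are constructed sample input.
"""
import re

# Constructed sample request headers (name, value) as a gateway would see them.
SAMPLE_HEADERS = [
    ("Host", "app.example.test"),
    ("User-Agent", "curl/8.0"),
    ("Proxy", "http://198.51.100.7:8080"),   # attacker-controlled header
    ("X-Forwarded-For", "203.0.113.9"),
]

def header_to_meta_variable(name: str) -> str:
    """RFC 3875 4.1.18: prefix HTTP_, upper-case the name, '-' becomes '_'."""
    return "HTTP_" + re.sub(r"[^A-Z0-9]", "_", name.upper())

def build_cgi_env_naive(headers):
    """Vulnerable mapping: every header becomes an HTTP_* variable, so a
    client 'Proxy' header becomes HTTP_PROXY, the variable that libcurl-style
    HTTP clients consult for their outbound proxy."""
    env = {}
    for name, value in headers:
        env[header_to_meta_variable(name)] = value
    return env

# Meta-variables that collide with settings honoured by HTTP client libraries.
# HTTP_PROXY is the one the CVE text names; the set itself is an assumption of
# this example, not a Tomcat configuration item.
BLOCKED_META_VARIABLES = {"HTTP_PROXY"}

def build_cgi_env_hardened(headers):
    """Fixed mapping: never export a meta-variable on the block list."""
    env = {}
    for name, value in headers:
        var = header_to_meta_variable(name)
        if var in BLOCKED_META_VARIABLES:
            continue
        env[var] = value
    return env

def outbound_proxy_for(env):
    """Stand-in for a client library that reads HTTP_PROXY; None means the
    CGI script would connect directly."""
    return env.get("HTTP_PROXY")

if __name__ == "__main__":
    naive = build_cgi_env_naive(SAMPLE_HEADERS)
    hardened = build_cgi_env_hardened(SAMPLE_HEADERS)
    print("naive proxy   :", outbound_proxy_for(naive))
    print("hardened proxy:", outbound_proxy_for(hardened))
```

Because the CGI meta-variable namespace and the process environment are the same thing, the gateway is the only place this can be fixed reliably: the script cannot tell HTTP_PROXY set by its operator from HTTP_PROXY set by a client.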
NVD
added 2022/05/12 2:15 p.m. · 21 views

CVE-2022-30525

An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1,...

CVSS 10 · EPSS 0.99938
Exploits 25 · References 6
OSV
added 2022/05/12 2:15 p.m. · 1 view

CVE-2022-30525

An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1,...

CVSS 9.8 · AI score 7.4 · EPSS 0.99938
Exploits 25 · References 6
CVE
added 2022/05/12 1:05 p.m. · 1678 views

CVE-2022-30525

CVE-2022-30525 is an OS command injection in Zyxel firewall CGI (Zero Touch Provisioning) that allows remote, unauthenticated code execution via /ztp/cgi-bin/handler (nobody user). Affected: USG FLEX series (5.00–5.21 Patch 1), USG FLEX 50W/USG20(W)-VPN (5.10–5.21 Patch 1), ATP series (5.10–5.21 ...

CVSS 10 · AI score 9 · EPSS 0.99938
In the wild · Exploits 25 · References 6 · Affected software 1
Packet Storm
added 2022/05/12 12:00 a.m. · 264 views

TLR-2005KSH Arbitrary File Delete

Exploit Title: TLR-2005KSH - Arbitrary File Delete
Date: 2022-05-11
Exploit Author: Ahmed Alroky
Author Company: AIactive
Version: 1.0.0
Vendor home page: http://telesquare.co.kr/
Authentication Required: No
Tested on: Windows
CVE: CVE-2021-46424
Proof-of-Concept Request: DELETE /cgi-bin/test2.t...

CVSS 9.4 · AI score 0.4 · EPSS 0.36834
Exploits 3
BDU FSTEC
added 2022/05/11 12:00 a.m. · 8 views

A vulnerability in the cgi-bin/webupg component of D-Link DIR-825AC G1 router firmware allows an attacker to execute arbitrary commands.

A vulnerability in the cgi-bin/webupg component of D-Link DIR-825AC G1 router firmware stems from incorrect handling of the cmd parameter. Exploiting it allows an attacker to execute arbitrary commands via a specially crafted POST request...

CVSS 6.3 · AI score 8.1 · EPSS 0.31789
Exploits 1 · References 5
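The Zyxel entries (CVE-2022-30525, an unauthenticated OS command injection in the /ztp/cgi-bin/handler CGI program) and the D-Link entry above (the cmd parameter of cgi-bin/webupg) share one root cause: a request parameter is spliced into a command line that a shell then parses. The following is an added example, not code from Zyxel, D-Link or the page, and it deliberately does not reproduce either device's request format. It shows the vulnerable shape beside the hardened one; the `host` parameter, the use of `echo` in place of a real diagnostic tool, the hostname allowlist and every input are this example's own assumptions.

```python
"""
Added example, not code from Zyxel, D-Link or the page: an OS command
injection in a CGI-style handler (request parameter concatenated into a
shell command) beside the hardened version (parameter validated against an
allowlist, then passed as one argv element with no shell involved).
`echo` stands in for the real diagnostic binary; inputs are constructed.
"""
import ipaddress
import re
import subprocess

# RFC 1123-style hostname check; the allowlist is an assumption of this example.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)

def is_valid_target(host: str) -> bool:
    """Allowlist: an IP literal or a plain hostname. Shell metacharacters
    (';', '|', '&', '$(', backticks, newlines) and a leading '-' (which
    the tool would read as an option) all fail this check."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    return bool(_HOSTNAME_RE.match(host))

def vulnerable_diag(host: str) -> str:
    """Vulnerable handler: concatenation plus shell=True hands the raw
    parameter to /bin/sh, so '127.0.0.1; echo INJECTED' runs two commands."""
    completed = subprocess.run("echo " + host, shell=True,
                               capture_output=True, text=True)
    return completed.stdout.strip()

def build_argv(host: str) -> list:
    """Argument vector for the diagnostic: the target is a single element,
    so it can never become additional commands."""
    return ["echo", host]

def hardened_diag(host: str) -> str:
    """Hardened handler: reject anything outside the allowlist, then run the
    tool without a shell. The metacharacters never reach a parser."""
    if not is_valid_target(host):
        raise ValueError("rejected target: %r" % host)
    completed = subprocess.run(build_argv(host), capture_output=True, text=True)
    return completed.stdout.strip()

if __name__ == "__main__":
    attack = "127.0.0.1; echo INJECTED"      # constructed malicious parameter
    print("vulnerable:", vulnerable_diag(attack).splitlines())
    try:
        hardened_diag(attack)
    except ValueError as exc:
        print("hardened  :", exc)
    print("hardened  :", hardened_diag("127.0.0.1"))
```

The allowlist does the real work: escaping for the shell is fragile across shells and locales, whereas refusing everything that is not a host and never invoking a shell removes the parser the attacker needs. On firmware where the CGI runs as an unprivileged user such as `nobody`, as the CVE entry notes, that only limits the first step of an intrusion, not the injection itself.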
Tenable Nessus
added 2022/05/07 12:00 a.m. · 34 views

EulerOS Virtualization 3.0.2.0 : ruby (EulerOS-SA-2022-1676)

According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV...

CVSS 7.5 · AI score 7.1 · EPSS 0.03222
Exploits 3 · References 4
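The Ruby advisory above describes a malicious FTP server using its PASV reply to steer the client's data connection. A passive-mode client asks the server where to connect, and a client that trusts the advertised address will open a connection to whatever host and port the server names. The following is an added example, not code from Ruby's Net::FTP or from the page; the replies, addresses and the privileged-port check are this example's own assumptions.

```python
"""
Added example, not from Ruby's Net::FTP or the page: how a passive-mode
FTP client turns a 227 reply into a data-connection target, why trusting
the advertised address lets a malicious server point the client at an
arbitrary host and port, and the usual fix (discard the advertised host
and reuse the control connection's host). Replies below are constructed.
"""
import re

# h1,h2,h3,h4,p1,p2 inside parentheses: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply: str):
    """Return the (host, port) a 227 reply advertises; raise on malformed input."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    match = _PASV_RE.search(reply)
    if match is None:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) tuple in %r" % reply)
    fields = [int(f) for f in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    host = ".".join(str(f) for f in fields[:4])
    port = (fields[4] << 8) | fields[5]
    return host, port

def data_endpoint_naive(control_host: str, reply: str):
    """Vulnerable client: connects wherever the server says, so the server
    can make the client open a connection to any host it chooses."""
    return parse_pasv(reply)

def data_endpoint_hardened(control_host: str, reply: str,
                           trust_server_address: bool = False):
    """Fixed client: the advertised host is ignored unless the caller opts
    in (the shape of the opt-in switches Ruby and Python added for this);
    the port still comes from the reply, and refusing privileged ports is
    an extra sanity check that is this example's own choice."""
    host, port = parse_pasv(reply)
    if not trust_server_address:
        host = control_host
    if port < 1024:
        raise ValueError("refusing privileged data port %d" % port)
    return host, port

# Constructed sample replies.
CONTROL_HOST = "192.0.2.10"
HONEST_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)."   # 192.0.2.10:50000
MALICIOUS_REPLY = "227 Entering Passive Mode (10,0,0,5,24,235)."  # 10.0.0.5:6379, an internal host

if __name__ == "__main__":
    print("naive   :", data_endpoint_naive(CONTROL_HOST, MALICIOUS_REPLY))
    print("hardened:", data_endpoint_hardened(CONTROL_HOST, MALICIOUS_REPLY))
    print("honest  :", data_endpoint_hardened(CONTROL_HOST, HONEST_REPLY))
```

The hardened client still honours the port, because that is what passive mode is for; what it refuses is to let the server choose a different host, which is the part that turns an FTP download into a connection to something on the client's side of the network.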
OpenVAS
added 2022/05/05 12:00 a.m. · 26 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1613)

The remote host is missing an update for Huawei EulerOS. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.5 · AI score 7.9 · EPSS 0.02931
Exploits 1 · References 2
OpenVAS
added 2022/05/05 12:00 a.m. · 12 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1637)

The remote host is missing an update for Huawei EulerOS. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.5 · AI score 7.9 · EPSS 0.02931
Exploits 1 · References 2
Tenable Nessus
added 2022/05/05 12:00 a.m. · 26 views

EulerOS Virtualization 2.9.0 : ruby (EulerOS-SA-2022-1637)

According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 f...

CVSS 7.5 · AI score 7.2 · EPSS 0.02931
Exploits 1 · References 2
Tenable Nessus
added 2022/05/05 12:00 a.m. · 30 views

EulerOS Virtualization 2.9.1 : ruby (EulerOS-SA-2022-1613)

According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 f...

CVSS 7.5 · AI score 7.2 · EPSS 0.02931
Exploits 1 · References 2
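The two Nessus entries above concern CGI::Cookie.parse mishandling security prefixes in cookie names. The __Secure- and __Host- prefixes only mean something if whoever processes the cookie enforces the attributes the prefix promises: __Secure- requires the Secure attribute, and __Host- additionally forbids Domain and requires Path=/. The following is an added example of those rules, not Ruby's CGI code or its fix, and not code from the page; the Set-Cookie parser and all sample headers are this example's own constructions, and prefixes are matched case-insensitively following the rfc6265bis draft.

```python
"""
Added example, not from Ruby's CGI gem or the page: a minimal Set-Cookie
parser plus a check that a cookie whose name carries a security prefix
actually satisfies the attributes that prefix promises. Sample headers
are constructed.
"""

def parse_set_cookie(header: str):
    """Split 'name=value; Attr; Attr=val' into (name, value, attrs).
    Attribute names are lower-cased; flag attributes map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs

def prefix_violation(name: str, attrs: dict):
    """Return a reason string when a prefixed cookie breaks its prefix's
    rules, or None when it is consistent (or carries no prefix)."""
    lowered = name.lower()
    if lowered.startswith("__host-"):
        if "secure" not in attrs:
            return "__Host- cookie lacks Secure"
        if "domain" in attrs:
            return "__Host- cookie must not set Domain"
        if attrs.get("path") != "/":
            return "__Host- cookie must set Path=/"
    elif lowered.startswith("__secure-"):
        if "secure" not in attrs:
            return "__Secure- cookie lacks Secure"
    return None

def check_set_cookie(header: str):
    """Parse a Set-Cookie header and report any prefix violation."""
    name, _value, attrs = parse_set_cookie(header)
    return prefix_violation(name, attrs)

# Constructed sample headers: the first two are consistent, the rest are not.
SAMPLES = [
    "__Host-sid=abc123; Secure; Path=/; HttpOnly",
    "__Secure-token=xyz; Secure; Path=/app",
    "__Host-sid=abc123; Secure; Path=/; Domain=example.test",
    "__Secure-token=xyz; Path=/",
    "__host-sid=abc123; Path=/",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_set_cookie(header) or "ok", "<-", header)
```

A cookie jar or server-side parser that skips this check lets a cookie named __Host-sid be set from a sibling subdomain or over plain HTTP, which defeats the reason the prefix was chosen in the first place.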
NVD
added 2022/05/04 1:15 a.m. · 7 views

CVE-2021-43164

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless...

CVSS 8.8 · EPSS 0.34947
Exploits 4 · References 3
NVD
added 2022/05/04 1:15 a.m. · 12 views

CVE-2021-43160

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose...

CVSS 8.8 · EPSS 0.01814
Exploits 0 · References 2
NVD
added 2022/05/04 1:15 a.m. · 10 views

CVE-2021-43161

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch...

CVSS 8.8 · EPSS 0.01814
Exploits 0 · References 2
OSV
added 2022/05/04 1:15 a.m. · 4 views

CVE-2021-43159

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the setSessionTime function in /cgi-bin/luci/api/common...

CVSS 8.8 · AI score 7.4 · EPSS 0.01947
Exploits 0 · References 2
Prion
added 2022/05/04 1:15 a.m. · 14 views

Remote code execution

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the setSessionTime function in /cgi-bin/luci/api/common...

CVSS 6.5 · AI score 8.8 · EPSS 0.01947
Exploits 0 · References 2 · Affected software 1
Prion
added 2022/05/04 1:15 a.m. · 11 views

Remote code execution

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the checkNet function in /cgi-bin/luci/api/auth...

CVSS 7.5 · AI score 9.5 · EPSS 0.02169
Exploits 0 · References 2 · Affected software 1
Cvelist
added 2022/05/04 12:08 a.m. · 17 views

CVE-2021-43159

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW3.01B11P55 via the setSessionTime function in /cgi-bin/luci/api/common...

AI score 9.1 · EPSS 0.01947
Exploits 0 · References 2