CVE-2021-43164
CVE-2021-43164 affects Ruijie RG-EW Series routers running ReyeeOS up to 1.55.1915 / EW_3.0(1)B11P55. The vulnerability is an RCE via the updateVersion function in /cgi-bin/luci/api/wireless, with PoC and public exploit code showing authenticated access can trigger code execution on affected devi...
GHSA-9RJ9-5WCV-XGF2 Roundup Improper Access Control
The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as...
The vulnerability of the sapi/cgi/cgi_main.c component of the PHP programming language interpreter allows a hacker to execute arbitrary code.
The vulnerability of the sapi/cgi/cgi_main.c component of the PHP programming language interpreter is related to the lack of validation for the sequences of XML objects. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the CGI interpreter component for the PHP programming language allows attackers to disclose protected information, compromise data integrity, or cause service failures.
The vulnerability of the cgi component sapi/cgi/cgi_main.c in the PHP programming language is caused by buffer overflow. Exploiting this vulnerability can allow an attacker to disclose sensitive information, compromise data integrity, or cause service failures...
CVE-2021-40680
There is a Directory Traversal vulnerability in Artica Proxy 4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273 via the filename parameter to /cgi-bin/main.cgi...
Directory traversal
There is a Directory Traversal vulnerability in Artica Proxy 4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273 via the filename parameter to /cgi-bin/main.cgi...
Artica Proxy Path Traversal Vulnerability
Artica Proxy is an open source Artica proxy solution from Artica France. A security vulnerability exists in Artica Proxy VMWare Appliance 4.30.000000 SP273 and earlier versions and Artica Proxy versions 4.30.000000 SP206 through SP255, which stems from a lack of filtering of the filename paramete...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2022-1496)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2022-1515)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1458)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1437)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1515)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1496)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP9 : ruby (EulerOS-SA-2022-1458)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...
EulerOS 2.0 SP9 : ruby (EulerOS-SA-2022-1437)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...
ArduPilot APWeb Buffer Error Vulnerability
ArduPilot APWeb is an ArduPilot web server interface. A security vulnerability exists in ArduPilot APWeb that stems from a memory corruption in the cgi.c unescape function. An attacker can send a specially crafted HTTP request to trigger this vulnerability...
ArduPilot APWeb cgi.c unescape memory corruption vulnerability
Summary: A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested...
PT-2022-19187 · Ardupilot · Ardupilot Apweb
Name of the Vulnerable Software and Affected Versions: ArduPilot APWeb master branch versions 50b6b7ac through 46177cb9 Description: A memory corruption issue exists in the cgi.c unescape functionality. This can be triggered by a specially-crafted HTTP request, leading to memory corruption. An...
CVE-2022-27268
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component getcgifrommemory. This vulnerability is triggered via a crafted packet...