9791 matches found

OSV
added 2022/04/10 9:15 p.m. · 2 views

CVE-2022-27268

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component getcgifrommemory. This vulnerability is triggered via a crafted packet...

CVSS 9.8 · AI score 7.8 · EPSS 0.03592
Exploits: 1 · References: 2

Positive Technologies
added 2022/04/10 12:0 a.m. · 4 views

PT-2022-18341 · Inhand Networks · Inrouter 900 Industrial 4G Router

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to 1.0.0.r11700 Description: A remote code execution issue was discovered in the get cgi from memory component. This issue can be triggered by a crafted packet, allowing for...

CVSS 9.8 · AI score 9.6 · EPSS 0.03592
Exploits: 1 · References: 4

OSV
added 2022/04/07 1:59 p.m. · 102 views

GHSA-M6CH-GG5F-WXX3 HTTP Proxy header vulnerability

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

CVSS 8.1 · AI score 6.4 · EPSS 0.50427
Exploits: 0 · References: 40

NVD
added 2022/04/07 12:15 p.m. · 12 views

CVE-2021-46418

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...

CVSS 7.5 · EPSS 0.23945
Exploits: 4 · References: 2

ATTACKERKB
added 2022/04/07 12:15 p.m. · 5 views

CVE-2021-46418

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...

CVSS 7.5 · AI score 7.2 · EPSS 0.23945
Exploits: 4 · References: 4

Prion
added 2022/04/07 12:15 p.m. · 21 views

Design/Logic Flaw

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...

CVSS 5 · AI score 7.5 · EPSS 0.23945
Exploits: 4 · References: 2

Cvelist
added 2022/04/07 11:18 a.m. · 24 views

CVE-2021-46418

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...

AI score 7.7 · EPSS 0.23945
Exploits: 4 · References: 2

CVE
added 2022/04/07 11:18 a.m. · 108 views

CVE-2021-46418

Telesquare TLR-2855KS6 is affected by CVE-2021-46418. The Nuclei template documents an unauthenticated vulnerability where an HTTP PUT request can create arbitrary files, including CGI scripts, on the device. Impact is described as potentially enabling remote code execution via file creation. Aff...

CVSS 7.5 · AI score 7.5 · EPSS 0.23945
Exploits: 4 · References: 2 · Affected Software: 1

CNNVD
added 2022/04/07 12:0 a.m. · 7 views

Telesquare TLR-2855KS6 Security Vulnerability

The Telesquare TLR-2855KS6 is an LTE router from Telesquare Korea. A security vulnerability exists in the Telesquare TLR-2855KS6 that stems from an unauthorized file creation vulnerability via the PUT method that could allow the creation of CGI scripts...

CVSS 7.5 · AI score 7.3 · EPSS 0.23945
Exploits: 4 · References: 5

GithubExploit
added 2022/04/04 10:7 p.m. · 452 views

Exploit for Path Traversal in Apache Http_Server

Exploit for CVE-2021-41773 and CVE-2021-42013 Path travers...

CVSS 9.8 · AI score 9.3 · EPSS 0.99992
Exploits: 173

Malwarebytes
added 2022/04/04 10:22 a.m. · 56 views

Update now! Zyxel patches critical firewall bypass vulnerability

In a security advisory Zyxel has urged customers to update because a security flaw can lead to the circumvention of firewall protection in several Zyxel products. Zyxel is a Taiwanese producer of modems and other networking equipment and its products are sold in over 150 countries. The...

CVSS 7.5 · AI score 9.8 · EPSS 0.84839
Exploits: 0

hivepro
added 2022/04/02 12:44 a.m. · 61 views

Authentication Bypass Vulnerability in Zyxel Firmware

THREAT LEVEL: Amber. A severe vulnerability, CVE-2022-0342, has been discovered in the firmware of some of Zyxel's business-grade firewall and VPN products, potentially allowing attackers administrator-level access to affected devices. This...

CVSS 7.5 · AI score 1.3 · EPSS 0.84839
Exploits: 0

NCSC
added 2022/04/01 12:0 a.m. · 7 views

Vulnerability fixed in Zyxel Firewall and VPN systems

Zyxel has fixed a vulnerability in USG/ZyWALL, USG FLEX, ATP, VPN, and NSG systems. An unauthenticated malicious party could potentially exploit the vulnerability to gain access to the vulnerable system and from there move further into the infrastructure to be protected. The...

CVSS 9.8 · AI score 7.1 · EPSS 0.84839
Exploits: 0

OSV
added 2022/03/31 9:15 p.m. · 3 views

CVE-2021-43722

D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnapmain function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size...

CVSS 9.8 · AI score 5.8 · EPSS 0.03114
Exploits: 1 · References: 2

OpenVAS
added 2022/03/29 12:0 a.m. · 21 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1361)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 · AI score 7.9 · EPSS 0.02931
Exploits: 1 · References: 2

NVD
added 2022/03/28 1:15 p.m. · 23 views

CVE-2022-0342

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware...

CVSS 9.8 · EPSS 0.84839
Exploits: 0 · References: 1

CVE
added 2022/03/28 12:5 p.m. · 165 views

CVE-2022-0342

CVE-2022-0342 describes an authentication bypass in Zyxel CGI web interfaces across multiple product lines (USG/ZyWALL, USG FLEX, ATP, VPN, NSG) with firmware ranges 4.20–4.70, 4.50–5.20, 4.32–5.20, 4.30–5.20, and 1.20–1.33 Patch 4. The flaw allows bypassing web authentication to obtain administr...

CVSS 9.8 · AI score 9.5 · EPSS 0.84839
In wild · Exploits: 0 · References: 1 · Affected Software: 1

Tenable Nessus
added 2022/03/28 12:0 a.m. · 37 views

EulerOS 2.0 SP8 : ruby (EulerOS-SA-2022-1361)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS 7.5 · AI score 7.3 · EPSS 0.02931
Exploits: 1 · References: 2

CISA KEV Catalog
added 2022/03/28 12:0 a.m. · 12 views

SonicWall SMA100 Directory Traversal Vulnerability

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server...

CVSS 7.5 · AI score 3.3 · EPSS 0.03977
In wild · Exploits: 0

BDU FSTEC
added 2022/03/28 12:0 a.m. · 6 views

The vulnerability of the File Manager web interface for system administration on UNIX-like operating systems, such as Webmin, allows a perpetrator to escalate their privileges or execute arbitrary code.

The vulnerability of the File Manager web interface for system administration in UNIX-like operating systems, such as Webmin, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows an attacker to increase their privileges or execute arbitrary code by...

CVSS 9 · AI score 7.9 · EPSS 0.96977
Exploits: 13 · References: 7 · Affected Software: 2