9791 matches found
CVE-2022-27268
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution RCE vulnerability via the component getcgifrommemory. This vulnerability is triggered via a crafted packet...
PT-2022-18341 · Inhand Networks · Inrouter 900 Industrial 4G Router
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to 1.0.0.r11700 Description: A remote code execution issue was discovered in the get cgi from memory component. This issue can be triggered by a crafted packet, allowing for...
GHSA-M6CH-GG5F-WXX3 HTTP Proxy header vulnerability
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...
CVE-2021-46418
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...
CVE-2021-46418
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...
Design/Logic Flaw
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...
CVE-2021-46418
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts...
CVE-2021-46418
Telesquare TLR-2855KS6 is affected by CVE-2021-46418. The Nuclei template documents an unauthenticated vulnerability where an HTTP PUT request can create arbitrary files, including CGI scripts, on the device. Impact is described as potentially enabling remote code execution via file creation. Aff...
Telesquare TLR-2855KS6 安全漏洞
The Telesquare TLR-2855KS6 is an LTE router from Telesquare Korea. A security vulnerability exists in the Telesquare TLR-2855KS6 that stems from an unauthorized file creation vulnerability via the PUT method that could allow the creation of CGI scripts...
Exploit for Path Traversal in Apache Http_Server
Exploit for CVE-2021-41773 and CVE-2021-42013 Path travers...
Update now! Zyxel patches critical firewall bypass vulnerability
In a security advisory Zyxel has urged customers to update because a security flaw can lead to the circumvention of firewall protection in several Zyxel products. Zyxel is a Taiwanese producer of modems and other networking equipment and its products are sold in over 150 countries. The...
Authentication Bypass Vulnerability in Zyxel Firmware
THREAT LEVEL: Amber For a detailed advisory, download the pdf file here A severe vulnerability CVE-2022-0342 has been discovered in the firmware of some of Zyxels business-grade firewall and VPN products, potentially allowing attackers administrator-level access to affected devices. This...
Vulnerability fixed in Zyxel Firewall and VPN systems
Zyxel has fixed a vulnerability in USG/ZyWALL, USG FLEX, ATP, VPN, and NSG systems. An unauthenticated malicious party could potentially exploit the vulnerability to gain access on the vulnerable system and from there move further into the infrastructure to be protectable infrastructure. The...
CVE-2021-43722
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnapmain function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1361)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-0342
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware...
CVE-2022-0342
CVE-2022-0342 describes an authentication bypass in Zyxel CGI web interfaces across multiple product lines (USG/ZyWALL, USG FLEX, ATP, VPN, NSG) with firmware ranges 4.20–4.70, 4.50–5.20, 4.32–5.20, 4.30–5.20, and 1.20–1.33 Patch 4. The flaw allows bypassing web authentication to obtain administr...
EulerOS 2.0 SP8 : ruby (EulerOS-SA-2022-1361)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...
SonicWall SMA100 Directory Traversal Vulnerability
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server...
The vulnerability of the File Manager web interface for system administration on UNIX-like operating systems, such as Webmin, allows a perpetrator to escalate their privileges or execute arbitrary code.
The vulnerability of the File Manager web interface for system administration in UNIX-like operating systems, such as Webmin, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows an attacker to increase their privileges or execute arbitrary code by...