9791 matches found
CVE-2022-27946
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands such as telnetd via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to adminaccount.cgi...
CVE-2022-27947
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands such as telnetd via shell metacharacters in the ipv6fix.cgi ipv6wanipaddr, ipv6lanipaddr, ipv6wanlength, or ipv6lanlength parameter...
ASUS AC68U Buffer Overflow Vulnerability
The ASUS AC68U is a router from the Chinese company ASUS. A buffer overflow vulnerability exists in ASUS AC68U 3.0.0.4.385.20852 and prior versions, which stems from a failure to properly validate data boundaries when performing an operation in memory in blocking.cgi, which can be exploited by an...
Tenda M3 Command Injection Vulnerability (CNVD-2022-33114)
Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection, which stems from the failure of the component /cgi-bin/uploadWeiXinPic to properly filter the construction of command special characters, commands, etc. An attacker could use this vulnerabili...
PHP-CGI Query String Parameter Vulnerability
sapi/cgi/cgimain.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code...
CVE-2022-27077
Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic...
CVE-2022-27083
Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic...
Tenda M3 命令注入漏洞
Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection, which stems from the failure of the component /cgi-bin/uploadWeiXinPic to properly filter the construction of command special characters, commands, etc. An attacker could use this vulnerabili...
Exploit for Improper Access Control in Webmin
CVE-2022-0824 !Dockerhttps://github.com/cryst4lliz3/CVE-2...
EulerOS 2.0 SP5 : ruby (EulerOS-SA-2022-1337)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to tri...
PT-2022-5814 · Dingtian · Dingtian Dt-R002
Name of the Vulnerable Software and Affected Versions: Dingtian DT-R002 2CH relay devices with firmware 3.1.276A Description: The issue is related to the relay cgi.cgi script on Dingtian DT-R002 2CH relay devices, which allows an attacker to replay HTTP post requests without the need for...
CVE-2022-24177
A cross-site scripting XSS vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML...
DEOS AG OPEN 710/810 Cross Site Scripting
Title: DEOS control systems GmbH - OPEN 710/810 EMS Cross Site Scripting Vulnerability Dork: app:"DEOS AG OPEN EMS System ics device httpd" Vendor page: https://www.deos-ag.com/en/ Exploit Author: n4pst3r Tested on: Debian POST /cgi-bin/option.cgi?function=2 HTTP/1.1 Content-Length: 83...
Fortinet FortiMail Input Validation Error Vulnerability
Fortinet FortiMail is a suite of email security gateway products from Fortinet, Inc. The product provides email security protection and data protection, among other features.An input validation error vulnerability exists in the FortiMail Web server CGI facility. An unauthenticated attacker could...
CVE-2021-32586
An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests...
Input validation
An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests...
CVE-2021-32586
CVE-2021-32586 affects Fortinet FortiMail prior to 7.0.1 and is caused by improper input validation in the web server CGI facilities, allowing an unauthenticated attacker to alter the environment of the script interpreter via specially crafted HTTP requests. Multiple sources (NVD entry, Red Hat a...
FortiMail - Unsafe handling of CGI environment parameters in web server framework
An improper input validation CWE-20 vulnerability in the web server CGI facilities of FortiMail may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests...
CVE-2021-4029
A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface...
CVE-2021-4029
CVE-2021-4029 concerns Zyxel ARMOR Z1/Z2 firmware where the CGI program is vulnerable to command injection over the LAN interface. The available documents identify the affected component as the CGI entry point within the Zyxel firmware and state that an attacker could execute arbitrary OS command...