9791 matches found

ATTACKERKB
added 2022/03/26 5:15 p.m. · 3 views

CVE-2022-27946

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands such as telnetd via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to adminaccount.cgi...

CVSS 9 · AI score 7.5 · EPSS 0.03197
Exploits 1 · References 2

ATTACKERKB
added 2022/03/26 5:15 p.m. · 3 views

CVE-2022-27947

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands such as telnetd via shell metacharacters in the ipv6fix.cgi ipv6wanipaddr, ipv6lanipaddr, ipv6wanlength, or ipv6lanlength parameter...

CVSS 9 · AI score 7.5 · EPSS 0.02821
Exploits 1 · References 2

CNVD
added 2022/03/25 12:0 a.m. · 14 views

ASUS AC68U Buffer Overflow Vulnerability

The ASUS AC68U is a router from the Chinese company ASUS. A buffer overflow vulnerability exists in ASUS AC68U 3.0.0.4.385.20852 and prior versions, which stems from a failure to properly validate data boundaries when performing an operation in memory in blocking.cgi, which can be exploited by an...

CVSS 7.8 · AI score 7.1 · EPSS 0.01782
Exploits 1 · References 1

CNVD
added 2022/03/25 12:0 a.m. · 14 views

Tenda M3 Command Injection Vulnerability (CNVD-2022-33114)

Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection, which stems from the failure of the component /cgi-bin/uploadWeiXinPic to properly filter the construction of command special characters, commands, etc. An attacker could use this vulnerabili...

CVSS 10 · AI score 5.6 · EPSS 0.02654
Exploits 1 · References 1

CISA KEV Catalog
added 2022/03/25 12:0 a.m. · 167 views

PHP-CGI Query String Parameter Vulnerability

sapi/cgi/cgimain.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code...

CVSS 9.8 · AI score 6.3 · EPSS 0.99998
In wild · Exploits 42

NVD
added 2022/03/24 12:15 a.m. · 17 views

CVE-2022-27077

Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic...

CVSS 10 · EPSS 0.02654
Exploits 1 · References 1

Cvelist
added 2022/03/23 11:25 p.m. · 24 views

CVE-2022-27083

Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic...

AI score 10 · EPSS 0.02871
Exploits 1 · References 1

CNNVD
added 2022/03/23 12:0 a.m. · 3 views

Tenda M3 Command Injection Vulnerability

Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection, which stems from the failure of the component /cgi-bin/uploadWeiXinPic to properly filter the construction of command special characters, commands, etc. An attacker could use this vulnerabili...

CVSS 10 · AI score 5.9 · EPSS 0.02654
Exploits 1 · References 3

GithubExploit
added 2022/03/22 3:49 a.m. · 46 views

Exploit for Improper Access Control in Webmin

CVE-2022-0824 !Dockerhttps://github.com/cryst4lliz3/CVE-2...

CVSS 9 · AI score 8.6 · EPSS 0.96977
Exploits 13

Tenable Nessus
added 2022/03/21 12:0 a.m. · 49 views

EulerOS 2.0 SP5 : ruby (EulerOS-SA-2022-1337)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to tri...

CVSS 7.5 · AI score 7.1 · EPSS 0.0305
Exploits 2 · References 3

Positive Technologies
added 2022/03/14 12:0 a.m. · 5 views

PT-2022-5814 · Dingtian · Dingtian Dt-R002

Name of the Vulnerable Software and Affected Versions: Dingtian DT-R002 2CH relay devices with firmware 3.1.276A Description: The issue is related to the relay cgi.cgi script on Dingtian DT-R002 2CH relay devices, which allows an attacker to replay HTTP post requests without the need for...

CVSS 5.9 · AI score 5.9 · EPSS 0.10436
Exploits 5 · References 15

OSV
added 2022/03/10 5:45 p.m. · 2 views

CVE-2022-24177

A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML...

CVSS 6.1 · AI score 6.5
Exploits 0 · References 1

Packet Storm
added 2022/03/09 12:0 a.m. · 398 views

DEOS AG OPEN 710/810 Cross Site Scripting

Title: DEOS control systems GmbH - OPEN 710/810 EMS Cross Site Scripting Vulnerability Dork: app:"DEOS AG OPEN EMS System ics device httpd" Vendor page: https://www.deos-ag.com/en/ Exploit Author: n4pst3r Tested on: Debian POST /cgi-bin/option.cgi?function=2 HTTP/1.1 Content-Length: 83...

AI score 7.4
Exploits 0

CNVD
added 2022/03/03 12:0 a.m. · 20 views

Fortinet FortiMail Input Validation Error Vulnerability

Fortinet FortiMail is a suite of email security gateway products from Fortinet, Inc. The product provides email security protection and data protection, among other features. An input validation error vulnerability exists in the FortiMail Web server CGI facility. An unauthenticated attacker could...

CVSS 9.8 · AI score 0.9 · EPSS 0.01038
Exploits 0 · References 1

NVD
added 2022/03/01 7:15 p.m. · 17 views

CVE-2021-32586

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests...

CVSS 9.8 · EPSS 0.01038
Exploits 0 · References 1

Prion
added 2022/03/01 7:15 p.m. · 14 views

Input validation

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests...

CVSS 7.5 · AI score 9.3 · EPSS 0.01038
Exploits 0 · References 1 · Affected Software 1

CVE
added 2022/03/01 6:20 p.m. · 100 views

CVE-2021-32586

CVE-2021-32586 affects Fortinet FortiMail prior to 7.0.1 and is caused by improper input validation in the web server CGI facilities, allowing an unauthenticated attacker to alter the environment of the script interpreter via specially crafted HTTP requests. Multiple sources (NVD entry, Red Hat a...

CVSS 9.8 · AI score 9.4 · EPSS 0.01038
Exploits 0 · References 1 · Affected Software 1

Fortinet
added 2022/03/01 12:0 a.m. · 26 views

FortiMail - Unsafe handling of CGI environment parameters in web server framework

An improper input validation (CWE-20) vulnerability in the web server CGI facilities of FortiMail may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests...

CVSS 7.5 · AI score 8.9 · EPSS 0.01038
Exploits 0 · Affected Software 1

OSV
added 2022/02/24 3:15 p.m. · 2 views

CVE-2021-4029

A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface...

CVSS 8.8 · AI score 7.5 · EPSS 0.00755
Exploits 0 · References 1

CVE
added 2022/02/22 2:25 p.m. · 85 views

CVE-2021-4029

CVE-2021-4029 concerns Zyxel ARMOR Z1/Z2 firmware where the CGI program is vulnerable to command injection over the LAN interface. The available documents identify the affected component as the CGI entry point within the Zyxel firmware and state that an attacker could execute arbitrary OS command...

CVSS 8.8 · AI score 8.9 · EPSS 0.00755
Exploits 0 · References 1 · Affected Software 1