9792 matches found
Improper Authentication
Overview: cgi provides support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Improper Authentication. CGI::Cookie.parse mishandles security prefixes in cookie names by applying URL decoding to cookie names. An attacker could exploit this vulnerability t...
GHSA-4VF4-QMVG-MH7H Cookie Prefix Spoofing in CGI::Cookie.parse
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem prior to versions 0.3.1, 0.2.1, 0.1.1, and 0.1.0.1 for Ruby...
Cookie Prefix Spoofing in CGI::Cookie.parse
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem prior to versions 0.3.1, 0.2.1, 0.1.1, and 0.1.0.1 for Ruby...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-5235-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5235-1 advisory. It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash...
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
...
GO-2021-0226 Cross-site scripting in net/http/cgi and net/http/fcgi
When a Handler does not explicitly set the Content-Type header, the package would default to “text/html”, which could cause a Cross-Site Scripting vulnerability if an attacker can control any part of the contents of a response. The Content-Type header is now set based on the contents of the...
The vulnerability of the Apache mod_cgi module for HTTP servers in the SonicWall network device software for the SMA series (SMA 100, SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v) allows attackers to execute arbitrary code.
The vulnerability of the Apache mod_cgi module for HTTP servers in the SonicWall network devices from the SMA series (SMA 100, SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v) is related to the execution of code outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to...
Telesquare TLR-2005KSH Access Control Error Vulnerability
Telesquare TLR-2005KSH is an SK Telecom LTE router from Telesquare Korea. Telesquare TLR-2005KSH is vulnerable to an access control error, which can be exploited by attackers to upload arbitrary files, including HTML and CGI formats...
Netgear RAX43 Buffer Overflow Vulnerability
The Netgear RAX43 is a router from the American company Netgear, a hardware device that connects two or more networks and acts as a gateway between them. A buffer overflow vulnerability exists in Netgear RAX43 version 1.0.3.96. The vulnerability is caused by the URL parsing functionality of the...
CVE-2021-45428
TLR-2005KSH is affected by an incorrect access control vulnerability. The PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...
Improper access control
TLR-2005KSH is affected by an incorrect access control vulnerability. The PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...
CVE-2021-45428
TLR-2005KSH is affected by an incorrect access control vulnerability. The PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...
CVE-2021-45428
Summary: CVE-2021-45428 affects Telesquare TLR-2005KSH 1.0.0. An incorrect access control vulnerability leaves the PUT/WebDAV path enabled, allowing an attacker to upload arbitrary files (e.g., HTML/CGI). This can lead to remote code execution as described in public exploit notes. The NVD metrics...
Netgear RAX43 Command Injection Vulnerability
Netgear RAX43 is a wireless router from Netgear, Inc. A command injection vulnerability exists in Netgear RAX43: the readycloud cgi application is vulnerable to command injection in the name parameter. No details of the...
CVE-2021-41819
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...
CVE-2021-41819
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...
AZL-7126 CVE-2021-41819 affecting package ruby for versions less than 3.1.2-2
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...
CVE-2021-41819
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...
Code injection
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...
CVE-2021-41819
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...