9792 matches found
DEBIAN-CVE-2021-44543
An XSS vulnerability was found in Privoxy which was fixed in cgierrornotemplate by encode the template name when Privoxy is configured to servce the user-manual itself...
The vulnerability of the cgi/options.py parameters in the GNU Mailman mailing list management package, related to the lack of protection for the website structure, allows for the execution of arbitrary JavaScript code.
The vulnerability in the cgi/options.py module of the GNU Mailman mailing list management package relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a remote attacker to execute arbitrary JavaScript code...
The vulnerability of the CGI Gem software arises from an operation that goes beyond the buffer boundaries in memory, allowing a hacker to execute arbitrary code on the target system.
The vulnerability of the CGI Gem software arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code on the target system...
The vulnerability of the cgi-bin/upload_firmware.cgi component of the D–Link DIR-823G router’s microprogramming system allows a hacker to cause a service failure.
The vulnerability of the cgi-bin/uploadfirmware.cgi component of the D–Link DIR-823G router’s microprogramming system is related to the lack of authentication. Exploiting this vulnerability can allow an attacker to cause a service failure...
PT-2021-24130 · Privoxy +4 · Privoxy +4
Name of the Vulnerable Software and Affected Versions: Privoxy affected versions not specified Description: A cross-site scripting XSS issue was discovered in Privoxy. The problem was addressed by encoding the template name in the cgi error no template function when Privoxy is set to serve the us...
Embedthis GoAhead Remote Code Execution Vulnerability
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked...
Gryphon Tower 跨站脚本漏洞
A cross-site scripting vulnerability exists in Gryphon Tower, a wireless router from Gryphon. The vulnerability stems from a lack of user-supplied data and output data validation filtering in the url parameter of cgi-bin/luci/siteaccess/, which can be exploited to execute client-side JavaScript...
CVE-2021-20038
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's modcgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware...
Cross site scripting
GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/routercgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name...
CVE-2021-44148
GL.iNet GL-AR150 2.x before 3.x devices configured as repeaters are affected by a cross‑site scripting (XSS) vulnerability in cgi-bin/router_cgi?action=scanwifi. An attacker can embed an XSS payload in the SSID name, triggering XSS. This is documented in CVE-2021-44148 (NVD/NVD-derived descriptio...
Sonicwall SMA100 缓冲区错误漏洞
The Sonicwall SMA100 is a secure access gateway appliance from Sonicwall, Inc. A buffer error vulnerability in the modcgi module environment variable of the SonicWall SMA100 Apache httpd server allows an unauthenticated, remote attacker to potentially execute code as the nobody user in the device...
CVE-2021-26777
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIRCDCv1.2.17, allows attackers to execute arbitrary code...
UBUNTU-CVE-2021-41816
CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...
The vulnerability of the WEB_CmdFileList() function implementation in D-Link DAP-2020 wireless access points allows a intruder to execute arbitrary code.
The vulnerability of the WEBCmdFileList function implementation in D-Link DAP-2020 wireless access points relates to the lack of measures taken to neutralize special elements used in operating system commands when processing CGI scripts. Exploiting this vulnerability can allow an attacker to...
[SECURITY] Fedora 35 Update: php-8.0.13-1.fc35
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CVE-2021-41819
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks...
Denial Of Service (DoS)
ruby is vulnerable to denial of service.The vulnerability exists due to cookie prefix spoofing in CGI::Cookie.parse, which allows an attacker to crash the application by providing a malicious input...
Denial Of Service (DoS)
ruby is vulnerable denial of service. an attacker can crash the application through the CGI.escapehtml by providing a very large string...
Buffer Overflow
Overview cgi is a Support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Buffer Overflow when a very large string 700 MB is passed to CGI.escapehtml on a platform where long type takes 4 bytes. Remediation Upgrade cgi to version 0.3.1, 0.2.1, 0.1.1 ...
[SECURITY] Fedora 33 Update: php-7.4.26-1.fc33
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...