Lucene search
K

9793 matches found

BDU FSTEC
BDU FSTEC
added 2021/09/29 12:0 a.m.5 views

The vulnerability of the cgi/networkDiag.cgi implementation of the SureLine aircraft monitoring application, which allows a violator to execute arbitrary commands

The vulnerability of the cgi/networkDiag.cgi implementation of the SureLine monitoring application exists because measures are not taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...

10CVSS8.4AI score0.97599EPSS
Exploits1References6Affected Software1
Apache Httpd
Apache Httpd
added 2021/09/29 12:0 a.m.256 views

Apache Httpd < 2.4.50 : Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

9.8CVSS1AI score0.99992EPSS
Exploits148
Openbugbounty
Openbugbounty
added 2021/09/27 7:30 p.m.36 views

All Vulnerabilities for amri.ninds.nih.gov Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| amri.ninds.nih.gov ---|--- Open Bug...

6.3AI score
Exploits0
0day.today
0day.today
added 2021/09/17 12:0 a.m.282 views

Geutebruck instantrec Remote Command Execution Exploit

This Metasploit module exploits a buffer overflow within the 'action' parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions equal to 1.12.0.27 as well as firmware versions 1.12.13.2 and...

7.2CVSS1.1AI score0.66194EPSS
Exploits4
BDU FSTEC
BDU FSTEC
added 2021/09/07 12:0 a.m.4 views

The vulnerability of the sapi/cgi/cgi_main.c component of the PHP programming language interpreter allows a hacker to execute arbitrary code.

The vulnerability of the sapi/cgi/cgimain.c component of the PHP programming language interpreter exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.5CVSS7.6AI score0.99998EPSS
Exploits42References9Affected Software1
OpenVAS
OpenVAS
added 2021/09/05 12:0 a.m.6 views

Fedora: Security Advisory for php (FEDORA-2021-45ba66bd29)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
0day.today
0day.today
added 2021/09/05 12:0 a.m.351 views

Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal Vulnerability

Product: Artica Proxy VMWare Appliance Vendor/Manufacturer: ArticaTech https://www.articatech.com Affected Versions: 4.30.000000 =SP273 Tested Versions: 4.30.000000 SP273 Vulnerability Type: Relative path traversal CWE-23, Improper Limitation of a Pathname to a restricted Directory CWE-22, CWE 35...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/09/03 12:0 a.m.190 views

Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal

Advisory ID: RCS20210707-0 Product: Artica Proxy VMWare Appliance Vendor/Manufacturer: ArticaTech https://www.articatech.com Affected Versions: 4.30.000000 =SP273 Tested Versions: 4.30.000000 SP273 Vulnerability Type: Relative path traversal CWE-23, Improper Limitation of a Pathname to a restrict...

0.5AI score
Exploits0
Fedora
Fedora
added 2021/09/02 11:47 p.m.23 views

[SECURITY] Fedora 34 Update: php-7.4.23-1.fc34

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

2.2AI score
Exploits0
0day.today
0day.today
added 2021/09/02 12:0 a.m.226 views

Compro Technology IP Camera - (Multiple) Credential Disclosure Vulnerability

Exploit Title: Compro Technology IP Camera - 'Multiple' Credential Disclosure Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40380 There are unauthorized access vulnerabilitie...

7.5CVSS0.4AI score0.22724EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/09/02 12:0 a.m.214 views

Compro Technology IP Camera Stream Disclosure

Exploit Title: Compro Technology IP Camera - ' indexMJpeg.cgi' Stream Disclosure Date: 2021-09-30 Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40381 Has an unauthorized acce...

7.6AI score0.22724EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/09/02 12:0 a.m.244 views

Compro Technology IP Camera - &#039; index_MJpeg.cgi&#039; Stream Disclosure

Exploit Title: Compro Technology IP Camera - ' indexMJpeg.cgi' Stream Disclosure Date: 2021-09-30 Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40381 Has an unauthorized acce...

7.5CVSS7.7AI score0.22724EPSS
Exploits3
OSV
OSV
added 2021/09/01 6:15 p.m.3 views

CVE-2021-40380

An issue was discovered on Compro IP70 2.087130218, IP570 2.087130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials...

7.5CVSS5.7AI score0.22724EPSS
Exploits3References2
CNNVD
CNNVD
added 2021/09/01 12:0 a.m.3 views

Compro Camera 安全漏洞

Compro Technology Camera is a video camera from Compro Technology China. A security vulnerability exists in Compro Camera that stems from indexMJpeg.cgi that allows video access. The following products and versions are affected: Compro IP70 2.087130218, IP570 2.087130520, IP60 and TN540...

7.5CVSS7.3AI score0.22724EPSS
Exploits3References4
NVD
NVD
added 2021/08/23 5:15 a.m.28 views

CVE-2021-39243

Cross-Site Request Forgery CSRF exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX51...

6.5CVSS0.00535EPSS
Exploits3References2
Prion
Prion
added 2021/08/23 5:15 a.m.22 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX51...

4.3CVSS6.7AI score0.00535EPSS
Exploits3References2Affected Software15
Cvelist
Cvelist
added 2021/08/23 4:24 a.m.28 views

CVE-2021-39243

Cross-Site Request Forgery CSRF exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX51...

6.9AI score0.00535EPSS
Exploits3References2
NVD
NVD
added 2021/08/13 4:15 p.m.21 views

CVE-2021-36380

Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi...

10CVSS0.97599EPSS
Exploits1References3
OSV
OSV
added 2021/08/10 8:15 p.m.4 views

CVE-2021-28846

A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\...

6.5CVSS5.8AI score0.00814EPSS
Exploits0References1
OSV
OSV
added 2021/08/10 7:15 p.m.4 views

CVE-2021-28844

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to applycgi via a dographauth action without a sessionid key...

7.5CVSS5.8AI score0.00961EPSS
Exploits0References1
Rows per page
Query Builder